>> CATEGORY: exploit

SAP EP-RUNTIME version 7.5 suffers from a denial of service vulnerability.

An attacker can send a special request to the SAP Adaptive Server Enterprise and crash the server. Version 16 is affected.

LanSpy version 2.0.0.155 local buffer overflow exploit.

Analysis of Tuleap versions 8.18 and below remote SQL injection, cross site scripting, and insecure direct object reference vulnerabilities.

Windows suffers from an elevation of privilege vulnerability in the User Profile Service.

The fix for CVE-2016-3231 is insufficient to prevent a normal user specifying an insecure agent path leading to arbitrary DLL loading at system privileges.

The Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a…

This Metasploit module exploits a login/csrf check bypass vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. These devices may typically be identified by their…

This Metasploit module exploits a vulnerability in the OpenNMS Java object which allows an unauthenticated attacker to run arbitrary code against the system.