FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a…
>> CATEGORY: exploit
DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.
Python’s built-in URL library (“urllib2” in 2.x and “urllib” in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. “smuggling” attacks) via the http scheme.
This proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.
This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after…
This Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on…
Roxy File Manager versions 1.4.4 and below suffer from a remote shell upload vulnerability.
Multiple ATCOM PBX systems suffer from an authentication bypass vulnerability.
Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this…
Vicidial version 1.4.0.20 suffers from a reflective cross site scripting vulnerability.