Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.
>> CATEGORY: exploit
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header,…
Microsoft Windows suffers from an HTTP to SMB NTLM reflection that leads to a privilege escalation.
There exists a privilege escalation vulnerability for Windows 10 builds prior to build 17763. Due to the AppXSvc’s improper handling of hard links, a user can gain full privileges over…
Microsoft DirectWrite / AFDKO suffers from a NULL pointer dereferences vulnerability in OpenType font handling while accessing empty dynarrays.
Microsoft DirectWrite / AFDKO suffers from multiple bugs in OpenType font handling related to the “post” table.
Microsoft DirectWrite / AFDKO suffers from an out-of-bounds read vulnerability in OpenType font handling due to undefined FontName index.
Microsoft DirectWrite / AFDKO suffers from a heap-baeed out-of-bounds read/write vulnerability in OpenType font handling due to empty ROS strings.
Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling while processing CFF blend DICT operator.
There is a Microsoft Font Subsetting DLL heap corruption vulnerability in ComputeFormat4CmapData.