>> CATEGORY: exploit

Sahi Pro versions 7.x and 8.x suffer from a directory traversal vulnerability.

Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability.

Sahi Pro version 8.x suffers from a remote SQL injection vulnerability.

Sahi Pro version 8.x suffers from a cross site scripting vulnerability.

BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution.

Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities.

RedwoodHQ version 2.5.5 suffers from an authentication bypass vulnerability.

Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.

This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.

When a Microsoft Word “.docx” File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present…