>> CATEGORY: exploit

PCHelpWare 2 version 1.0.0.5 Group denial of service exploit.

ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability.

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

On Microsoft Windows, the SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a system binary leading to elevation of privilege.

MailCarrier version 2.51 POP3 RETR command remote SEH buffer overflow exploit.

On Microsoft Windows, the LUAFV driver reuses the file’s create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file resulting in elevation of privilege.

On Microsoft Windows, the LUAFV driver doesn’t take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege.

On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization which can be tricked into writing an arbitrary short name leading to elevation of…

On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code…