The security callback of the RPCSS Activation Kernel RPC server can be bypassed, resulting in local elevation of privilege (EoP).
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This module is tested against Windows 10 v1703 x86.
Siebel CRM allows users to upload files of any type in most of its file-upload functions, and an uploaded file can later be downloaded by another user with the appropriate privileges as part of the workflow. It was therefore possible to upload a file with an .html extension containing HTML and JavaScript; when a privileged user opens it, the script runs in the application's origin, giving a persistent (stored) cross-site scripting attack.
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an unauthenticated remote buffer overflow: a long string sent to the CE Remote feature listening on port 987 overwrites data on the stack and the saved registers, giving control of the program's execution flow and allowing attacker-supplied remote code execution. No authentication is required.
This module exploits a vulnerability in the PHP Laravel Framework, versions 5.5.40 and 5.6.x up to and including 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header because the decrypt method in Illuminate/Encryption/Encrypter.php passes the decrypted value to an unserialize() call. Authentication is not required, but exploitation requires knowledge of the Laravel APP_KEY: the encrypted payload carries an HMAC computed with that key, so whoever holds the key can forge a payload that passes the MAC check and is then unserialized. Based on the code fix, similar issues appear to exist in Laravel's encrypted cookies. In some cases the APP_KEY is leaked (for example through exposed .env files or debug pages), which allows discovery and exploitation.
CWP (Control Web Panel) versions 0.9.8.836 through 0.9.8.839 are vulnerable to root privilege escalation. The session file is stored in the /tmp directory, and the rkey value it contains does not change when the panel is accessed again from the same source IP address, so the session key can be recovered from that file and reused.
This exploit bypasses the DEP and ASLR protections for R 3.4.4 on Windows 10 x64. It requires local interaction: pasting a crafted payload into the 'Language for menus...' field of the GUI Preferences dialog results in arbitrary code execution.
This exploit allows an attacker to include arbitrary local files on the server by modifying the 'include_form' parameter (also written 'form_include') of a POST request. Because the parameter value is used as a file path without validation, directory traversal sequences let the attacker read sensitive files such as /etc/passwd.
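As an added example (not the affected application's code), here is the include pattern behind this class of bug beside one way to harden it: an allow-list of form names plus a realpath() containment check. The parameter name follows the advisory; the allow-list entries, the forms directory and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example, not the vulnerable application's code.

// Vulnerable: the POST value is concatenated straight into the path, so
// "../../../../etc/passwd" walks out of the forms directory.
function includeFormUnsafe(array $post): void
{
    include __DIR__ . '/forms/' . $post['include_form'];
}

// Hardened: map the parameter to a fixed allow-list, then confirm the
// resolved path still lies inside the forms directory.
function resolveForm(string $name, string $formsDir): ?string
{
    static $allowed = ['contact' => 'contact.php', 'login' => 'login.php'];   // illustrative entries
    if (!isset($allowed[$name])) {
        return null;                                   // unknown name (also catches "..", wrappers, NUL bytes)
    }
    $base = realpath($formsDir);
    $path = realpath($formsDir . '/' . $allowed[$name]);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                   // resolved outside the directory (e.g. via symlink)
    }
    return $path;
}

function includeFormSafe(array $post, string $formsDir): void
{
    $path = resolveForm((string)($post['include_form'] ?? ''), $formsDir);
    if ($path === null) {
        http_response_code(400);
        return;
    }
    include $path;
}

// Demonstration against a temporary forms directory (constructed input)
$dir = sys_get_temp_dir() . '/forms_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/contact.php", "<?php echo \"contact form\\n\";");

$probes = [
    'contact',                                // legitimate
    '../../../../etc/passwd',                 // traversal, as in the advisory
    'php://filter/resource=/etc/passwd',      // stream wrapper
    "contact.php\0",                          // NUL-byte truncation attempt
];
foreach ($probes as $p) {
    printf("%-45s -> %s\n", json_encode($p), resolveForm($p, $dir) === null ? 'rejected' : 'ok');
}
includeFormSafe(['include_form' => 'contact'], $dir);   // prints: contact form
```

The allow-list does the real work; the realpath() check is defence in depth against a symlink or misconfiguration under the forms directory, and it is cheap enough to keep.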
This exploit covers remote file inclusion and persistent cross-site scripting. The remote file inclusion can be triggered through the sitemap.xml.php and errors.php pages. The persistent XSS is injected through the gb_mail and gb_name input fields and the gb_text textarea on the index.php?guestbook=v page. In addition, a CSRF vulnerability on the index.php?admin=changepass page allows passwords to be changed on behalf of a logged-in user.
A buffer overflow in StreamRipper32 version 2.6 allows remote attackers to execute arbitrary code via a crafted 'Song Pattern' input.