This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
967e04838b302049cc237c549437ccecViprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.
5a9e2aaf91108203d85e5d8867335380WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root.
301d05eb6ae49dff97112c3a73c88308libSSH suffers from an authentication bypass vulnerability.
88d03f3ff24b6086e8b4eee16645332cOwnTicket version 1.0 suffers from a remote SQL injection vulnerability.
971c98dc732f76cc5a566f0ad1449e62PHP-SHOP Master version 1.0 suffers from a cross site request forgery vulnerability.
8a78b5651bd99ac517bc63e491f64913Learning with Texts version 1.6.2 suffers from a remote SQL injection vulnerability.
e369d05342f296346bcb78320742e5e8Time and Expense Management System version 3.0 suffers from a remote SQL injection vulnerability.
a86c2de37553ce740ad519f2189592dbZenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.
1ca21d4ea7dad9557ab0feb02503c410User Management version 1.1 suffers from a cross site scripting vulnerability.
1c7ef1551d6511f2e501320c44b58849WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.
f85a44d7b6147f2f25a667a27e0309f9Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.
af2cd1ac0b397da3a62f3d04d972086cTP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.
e029e95c170246483700a76a5b7644d8Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability.
0b81df122dfedd99e1fcc0e7cbc76cadLANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities.
2964fdd5821fffe13a66f8562db17cfaThis write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.
8b90c70cc560ce019f65408cbaa40ac8Time and Expense Management System version 3.0 suffers from a cross site request forgery vulnerability.
eebaa3465a55d9a1e3d5e622d97ef868Any Sound Recorder version 2.93 SEH buffer overflow proof of concept exploit.
f5fb77e98de076631c98311e585cfc4bOn Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
1ad1fd11e41df6d259aeb00e3e6cc367GIU Gallery Image Upload version 0.3.1 suffers from a remote SQL injection vulnerability.
b4147b04b6553a51704799585aace41bHighPortal version 12.5 suffers from a cross site scripting vulnerability.
96715aa5c1d78769498c9dadfc961a89MV Video Sharing Software version 1.2 suffers from a remote SQL injection vulnerability.
0ad174012d13e10d8404214629fdd430Rukovoditel Project Management CRM version 2.3 suffers from a remote SQL injection vulnerability.
1f62d6bd79243759ee523b6e54d6e4a8Vishesh Auto Index version 3.1 suffers from a remote SQL injection vulnerability.
5f3ff3098c17830600ee8f4fe611a4a8Kados R10 GreenBee suffers from a remote SQL injection vulnerability.
36a39e7b3ab07b4125f648f2b9242a48
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed