This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
79eca834aca76d7c9dcfa923affa9994710ca886d5626b9d0a2674dfb96f1d76This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aadThis Microsoft bulletin summary lists a new CVE that has been added to the October advisory.
29a8949cb9ba72f136a4c3d52c21fbc74b121f4f5701451e5310ff34caa73a37Viprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.
52bc57a1b9cf99352f7f193f1e7f5d546ad57fca447fffb65f78855a2d95b210WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root.
0dac8dc00687d4ade56ce5c6d6ea523fcc5dd99ea0a15c17eee3efc370c56302CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an attacker can gain sensitive information. CA published solutions to address the vulnerability. The vulnerability occurs due to how CA Identity Governance responds to login requests. An attacker may exploit the vulnerability to enumerate account names. Affected products include CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 and CA Identity Governance 12.6, 14.0, 14.1, and 14.2.
77fb382be97c445901464a21707cba72f39427d270744ebfe38f59cd2119ab24libSSH suffers from an authentication bypass vulnerability.
6bcffb74a9c2f6e6896ef61d538f794814156c05eda4456a642ba4d74d440fe2Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210abThe Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.
4d6791432618061cb975059371e237f9a46d82d2bec01d12172ccd55d321b85diOS and macOS suffers from a sandbox escape due to trusted length field in shared memory used by the HID event subsystem.
9f92e17a4bc90ee3be401ed5757d7b0662a8fcc83025305c4d6a1dcfb6c4d537iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.
60108b89486cb359363b2d03bb42b7169fee6f244ce5cebe800da43c4e47b46biOS and macOS suffer from a sandbox escape vulnerability due to failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.
ff9f40b9c0d00a8ee0be928d095a2be9b2f36e3eb4f05ff0773213385268c2abiOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
5091c4468fab2e2a1470f04489a28ba0db8e5cf1a82d942ae755cb6a186288b4iOS and macOS suffers from a kernel memory corruption vulnerability due to integer overflow in IOHIDResourceQueue::enqueueReport.
0dbe4b20474f95c05693ec94926bd5cf5da65a1cbf559520b14b1deda15e2456iOS and macOS suffers from a sandbox escape vulnerability due to mach message sent from shared memory.
a3d215b3dcbb576bdd541af3b90d6ce149694fdd4b79be4354ec9f8a117ca103The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.
aa2e893e44b3383afac1e9706aeb1eb72350ea667bfc363aae18388d5c8a4888
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed