Recent vulnerabilities and exploits

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a...

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a...

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,...

An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'....

#BlackHat2019 memo first Sesstion Privilege escalation bugs Restricted user Call -> System Service(RPC) -> Tergetfile CVE-2018-8440 GitHub - sourceincite/CVE-2018-8440: CVE-2018-8440 standalone exploit DACL rewrite call SchRpcSetSecurity win.iniから TOCTOU Read...

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox....

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network....

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive...

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition....

A type confusion vulnerability has been found in Firefox 67.0.3 and Firefox ESR 60.7.1. The vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. It can allow remote code execution....