
Microsoft Windows 98/ME/2000/XP/2003 HTML Help File Hijack

Multiple Microsoft Windows 98/ME/2000/XP/2003 HTML Help file loading hijack vulnerabilities exist. Proof of concept included.





Skype Squishes Cross-Zone Scripting Bug






Microsoft Windows WizardOpium Local Privilege Escalation

Microsoft Windows WizardOpium local privilege escalation exploit.





CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept

CoronaBlue aka SMBGhost proof of concept exploit for Microsoft Windows 10 (1903/1909) SMB version 3.1.1. This script connects to the target host and compresses the authentication request with a bad offset field set in the transformation header, causing a buffer overflow in the decompressor that crashes the target.





Microsoft Windows SMB 3.1.1 Remote Code Execution

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.





Microsoft Windows 10 SMB 3.1.1 Local Privilege Escalation

Microsoft Windows 10 SMB version 3.1.1 SMBGhost local privilege escalation exploit.





Microsoft Windows Net Use Insufficient Authentication

The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as a "standard" user, but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.





Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation

Microsoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.





Microsoft Windows SE_SERVER_SECURITY Security Descriptor Owner Privilege Escalation

In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.





Microsoft Windows Unquoted Service Path Privilege Escalation

This Metasploit module exploits a logic flaw in how the lpApplicationName parameter is handled. When lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths, C:\program.exe and C:\program files\hello.exe, and then execute all of them. To some software developers this is unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalating privileges if it is run as SYSTEM. Some software such as OpenVPN 2.1.1, OpenSSH Server 5, and others have the same problem.







ASP Dynamika 2.5 Cross Site Scripting

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.










Adobe Announces 25 Bug Fixes, 21 In Acrobat Products






Microsoft Taps Eric Holder To Audit AnyVision Face Recognition






Microsoft Warns Of Hacking Group Targeting Vulnerable Web Servers










Microsoft-Vietnam Cement Anti-Piracy Deal





SuperBackup 2.0.5 Persistent Cross Site Scripting

SuperBackup version 2.0.5 for iOS suffers from a persistent cross site scripting vulnerability.





AirDisk Pro 5.5.3 Persistent Cross Site Scripting

AirDisk Pro version 5.5.3 for iOS suffers from multiple persistent cross site scripting vulnerabilities.





Folder Lock 3.4.5 Cross Site Scripting

Folder Lock version 3.4.5 for iOS suffers from multiple cross site scripting vulnerabilities.





Sky File 2.1.0 Cross Site Scripting / Directory Traversal

Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.






RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.





CloudFlare Probes Mystery Interception Of Site Traffic Across India





Ac4p.com Gallery 1.0 Cross Site Scripting / Shell Upload / Bypass / Disclosure

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.






Microsoft Windows NtUserSetWindowFNID Win32k User Callback

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.





Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.





Microsoft Windows Internet Settings Security Feature Bypass

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019.





Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free

Microsoft Windows 7 (x86) BlueKeep Remote Desktop Protocol Windows kernel use-after-free exploit.





Microsoft Teams Instant Messenger DLL Hijacking

Microsoft Teams Instant Messenger application on Windows 7 SP1 fully patched is vulnerable to remote DLL hijacking.





Microsoft Windows 7 Screen Lock Shellcode

9 bytes small Microsoft Windows 7 screen locking shellcode.





School ERP System 1.0 Cross Site Request Forgery

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.





AVideo Platform 8.1 Cross Site Request Forgery

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.





Online Job Portal 1.0 Cross Site Request Forgery

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.





SOPlanning 1.45 Cross Site Request Forgery

SOPlanning version 1.45 suffers from a cross site request forgery vulnerability.





Ice HRM 26.2.0 Cross Site Request Forgery

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.