
uTorrent Users Urged To Upgrade To Mitigate Hijacking Flaw





Complaint Management System 4.2 Cross Site Scripting

Complaint Management System version 4.2 suffers from a persistent cross site scripting vulnerability.





Grub2 grub2-set-bootflag Environment Corruption

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.





Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.


















Denial Of Service Event Impacted U.S. Power Utility Last Month






Urgent11 Security Flaws Impact Routers, Printers, SCADA, And Many IoT Devices






Jolla Phone URI Spoofing

Jolla Phone with Sailfish OS versions 1.1.1.27 and below suffers from a telephone URI spoofing vulnerability.





Juniper Secure Access SSL VPN Privilege Escalation

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed.






COVID-19: Bay Area Requires All 7 Million Residents To Shelter In Place





Trump Administration's Lack Of A Unified Coronavirus Strategy Will Cost Lives, A Dozen Experts Say






Deciphering The SWIFT-DRIDEX Relationship In Bank

This whitepaper is a study that gives an overview of the methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.





Pentesting Zen Load Balancer

This whitepaper is a quick tutorial on pentesting the Zen load balancer.





Exploiting CAN-Bus Using Instrument Cluster Simulator

Whitepaper called Exploiting CAN-Bus using Instrument Cluster Simulator.





Blind CreateRemoteThread Privilege Escalation

Whitepaper called Blind CreateRemoteThread Privilege Escalation.





Triologic Media Player 8 Buffer Overflow

Triologic Media Player version 8 suffers from a .m3l local buffer overflow vulnerability.





ALLPlayer 7.6 Buffer Overflow

ALLPlayer version 7.6 unicode SEH local buffer overflow exploit.





Druva inSync Windows Client 6.5.2 Privilege Escalation

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.





Microsoft Windows Desktop Bridge Privilege Escalation

Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.





Microsoft Windows Desktop Bridge Privilege Escalation

Microsoft Windows suffers from a Desktop Bridge Virtual Registry NtLoadKey arbitrary file read / write privilege escalation vulnerability.





VMware Host VMX Process COM Class Hijack Privilege Escalation

The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe), which runs at SYSTEM. This prevents a non-administrator user from opening the process and abusing its elevated access. Unfortunately, the process is created as the desktop user, which results in the elevated process sharing resources such as COM registrations with the normal user, who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.





Windows Escalate UAC Protection Bypass

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.





Microsoft Windows Kernel Privilege Escalation

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.





Xinfire TV Player 6.0.1.2 Buffer Overflow

This Metasploit module exploits a buffer overflow in Xinfire TV Player Pro and Standard version 6.0.1.2. When the application is used to import a specially crafted plf file, a buffer overflow occurs, allowing arbitrary code execution. Tested successfully on Win7 and Win10. This software is similar to Aviosoft Digital TV Player and BlazeVideo HDTV Player.





Xinfire DVD Player 5.5.0.0 Buffer Overflow

This Metasploit module exploits a buffer overflow in Xinfire DVD Player Pro and Standard version 5.5.0.0. When the application is used to import a specially crafted plf file, a buffer overflow occurs, allowing arbitrary code execution. Tested successfully on Win7 and Win10. This software is similar to DVD X Player and BlazeDVD.





NetBSD mail.local Privilege Escalation

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10 minutes to execute.





NetBSD Stack Clash Proof Of Concept

NetBSD stack clash proof of concept exploit.





Telegram DDoS Attack Launched Mostly From China





Anonymous Hacker Gets 6 Years For Some Lame DDoS Attacks