Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-7591 Windows 10, Windows 8, Windows 7, and Windows Vista.
poc:-
Hidden content
LFI via PHP session upload progress
It is possible to exploit LFI by forcibly creating a session (without session_start()!) by sending the PHP_SESSION_UPLOAD_PROGRESS parameter.
The splice also uses a filter combination trick to create the desired prefix in the shellcode, but this is not so...
Expert Larry Cashdollar of Akamai SIRT (Security Intelligence Response Team) has discovered a dangerous issue CVE-2018-9206 in the popular jQuery File Upload plugin created by German developer Sebastian Tschan, better known as Blueimp. Vulnerable are all plugin versions up to version 9.22.1...
Total Commander 8.52 software, a buffer overflow vulnerability was discovered in 2015. This vulnerability could allow an attacker to execute arbitrary code on a target system by exploiting the buffer overflow.
Buffer overflow is a type of software vulnerability where more data is written to a...
CVE-2015-1538 is a remote code execution vulnerability that was found in the Linux kernel in 2015. It affected versions of the kernel up to and including 3.19. The vulnerability was caused by a flaw in the keyring handling code in the kernel.
The vulnerability allowed an attacker to execute...
The Windows NDProxy Privilege Escalation is a security vulnerability that was identified and fixed by Microsoft in their MS14-002 security update. The vulnerability allowed attackers with low privileges to elevate their privileges to gain access to sensitive information and carry out malicious...