The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a privileged user.

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.

IQrouter firmware version 3.3.1 suffers from a remote code execution vulnerability.

NSClient++ version 0.5.2.35 suffers from an authenticated remote code execution vulnerability.

Edimax EW-7438RPn version 1.13 suffers from a remote code execution vulnerability.

Furukawa Electric ConsciusMAP version 2.8.1 java deserialization remote code execution exploit.

Source Engine CS:GO BuildID: 4937372 arbitrary code execution exploit.

School ERP Pro version 1.0 suffers from a remote code execution vulnerability.

Open-AudIT Professional version 3.3.1 suffers from a remote code execution vulnerability.

SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.

Saltstack version 3000.1 suffers from a remote code execution vulnerability.

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.

The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.

Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

LabVantage version 8.3 suffers from an information disclosure vulnerability.

SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.

ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.

HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

Edimax EW-7438RPn suffers from an information disclosure vulnerability.

File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

Cisco IronPort C350 remote host header injection exploit.

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

Cisco Data Center Network Manager version 11.2 remote code execution exploit.

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.

Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.

Sites designed by IRIX suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.