A token impersonation vulnerability was discovered in Microsoft Windows. Successful exploitation of this issue might allow a normal user process to easily obtain a LocalSystem or any other user identity-level token and then use it to impersonate a thread.
The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.
An information disclosure vulnerability exists in the way the Res protocol in Internet Explorer and Edge manages the existence of files on the system. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
This module implements Remote Command Execution on Ruby on Rails applications. The prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can usually be found in the default location. The module achieves RCE by deserialization of a crafted Ruby Object.