All Vulnerabilities

A privilege escalation vulnerability exists when Microsoft Internet Explorer or Edge fails to properly secure private namespace. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode.
A local privilege escalation vulnerability was discovered within Microsoft Windows. It abuses the issue that a registry hive file will be opened in write mode if opening it in read mode fails. This, combined with the fact that the log files created when opening a hive in write mode are effectively owned by the system yet can also be modified by a user, allows normal users to overwrite critical system files. Successful exploitation of this issue may lead to local privilege escalation.
A vulnerability was discovered within Microsoft Windows 10 that could lead to an arbitrary registry key access. The root cause of this vulnerability comes from kernel not checking for user while creating hardware profile subkeys in HKLM, which are created with full permission to the owner which is the user and also inherits the parent ACLs. A successfully exploitation of this issue could allow an attacker to elevate privileges when used for SymLink.
A token impersonation vulnerability was discovered within Microsoft Windows. Successful exploitation of this issue might lead to a normal user process easily obtain a LocalSystem or any other user identity level token and further use it for impersonating a thread.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Joomla Huge-IT Video Gallery SQL Injection Vulnerability (CVE-2016-1000123)
 Severity:    
 Date Published:  26 Oct 2016
SQL injection vulnerability in Joomla! allows attackers to execute arbitrary SQL commands via unspecified vectors.
Asterisk HTTP Server BEAST Vulnerability
 Severity:    
 Date Published:  26 Oct 2016
The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.
An information disclosure vulnerability exists in Internet Explorer and Edge in a way that the Res protocol manages the existence of files on the system. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Microsoft Windows Kernel Driver Local Elevation Of Privilege (CVE-2016-7185)
 Severity:    
 Date Published:  26 Oct 2016
A privileges and access control vulnerability was discovered within Microsoft Windows. Successful exploitation of this issue might lead to an elevation of privileges.

Featured Stories