privilege escalation
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.

research
What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload
Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.