The Windows Kerberos KDC fails to properly validate PAC signatures, allowing any authenticated domain user to forge Kerberos tickets and gain domain administrator privileges. Known as MS14-068, one of the most critical Active Directory vulnerabilities ever disclosed.
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.