| Email address | private |
|---|---|
| Website | hyp3rlinx.altervista.org |
| First Active | 2015-04-28 |
| Last Active | 2020-02-12 |
The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any arbitrary executable named "Program.exe" if it is found in the user's c:\ drive.
f834d687f26c92b81b101ce2b5ee2732NTCrackPipe is a basic local Windows account cracking tool.
b1b672393c20d81e400b6bcc390614e2Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
aecef434c516d728f44dde372d426274Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.
d94d6061aaad9782bb11838c46318d2cTrend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM. This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp" service "coreServiceShell.exe" which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. Note administrator privileges are required to exploit this vulnerability.
8141cd4c6867deb8b0509555a9e089dfMicrosoft Windows VCF cards do not properly sanitize email addresses allowing for HTML injection. A corrupt VCF card can cause all the users currently opened files and applications to be closed and their session to be terminated without requiring any accompanying attacker supplied code.
a8bf3c22b7586fb9aed156a323afff1cMicrosoft Windows suffers from a .group file code execution vulnerability that leverages the URL field.
c14d7dd530c485214547e0c84c47d3fdMicrosoft Windows Media Center suffers from an XML external entity injection vulnerability. This vulnerability was originally released back on December 4, 2016, yet remains unfixed.
08852a95d58030559d7cf597ca2a27deMicrosoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.
789e0a22b8214672e24e1c11ee00b829Microsoft Excel 2016 version 1901 suffers from an XML external entity injection vulnerability.
38a897cf183daf4eab6b217fc70232f7Max Secure Anti Virus Plus version 19.0.4.020 suffers from an insecure permission vulnerability.
e33ab8412cbe5fbdb15a2935c0f48058NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
19c74256613bc29f10c94c6dd8532054Scanguard versions through 2019-11-12 on Windows has insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.
395b36711cd21e23af1e2c01cdd5e128Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below suffer from a remote code execution vulnerability.
efda6406cb80c26ebe21b6449a6d1caeNtFileSins.py is a Windows file enumeration intel gathering tool.
df854b2ff767838ad9ede940d9a2edeeMicrosoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.
8f8a5a6cf1cf40cfec6b841ca09e2618This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.
9592257d1332e2c7094af04e4b98bda7Microsoft Windows suffers from a PowerShell unsanitized filename command execution vulnerability.
4059533a64c2c0436da56ba2b23fecdcTrend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.
edccc27accadec979aa2288aff49d66cMAPLE Computer WBT SNMP Administrator version 2.0.195.15 remote buffer overflow exploit with egghunter.
264d4bba8bff62a4e99bb6090af82f9bMAPLE Computer WBT SNMP Administrator version 2.0.195.15 suffers from a buffer overflow vulnerability that allows for code execution.
a6d1442ffd46e1f782c5c9c9d20d026eMicrosoft compiled HTML Help and uncompiled .chm files can be leveraged for XML external entity injection attacks.
58644216083e140438ff9e4523e0bb5bMicrosoft File Checksum Verifier version 2.05 suffers from a dll hijacking vulnerability.
d2cee35ac2dbc3bc9ea6be0bce939d6eThe HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.
d00190d41a9f1c0ea2c4f92ee9779c0dWhen a Microsoft Word ".docx" File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is suppressed it makes the file seem harmless and the file can be masked to appear as just a folder etc. This can potentially trick user into running unexpected code, but will only work when you have an additional file of same name with NO extension on it.
c758f8435e2134b135cb043389ffe683
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed