Showing 1 - 25 of 57

Files from forshaw

First Active: 2015-08-21
Last Active: 2017-05-18
Microsoft Windows ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0214
SHA-256 | 36f03383066ee290d05c378c215e41fa232689f697acdd92d4113874ffffea27
Microsoft Windows COM Aggregate Marshaler/IRemUnknown2 Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0213
SHA-256 | 7d9306b31056624843b7596903b03f2850b51e4cdcc0f3b35afc516f0af1bec5
Microsoft Windows Dolby Audio X2 Service Privilege Escalation
Posted Apr 24, 2017
Authored by Google Security Research, forshaw

The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2017-7293
SHA-256 | 648ba1e2f3e829a53ac3a224f73958fcb62fd2097a728a0530b0740b66b425dc
VirtualBox 5.0.32 Windows Process COM Injection Privilege Escalation
Posted Apr 20, 2017
Authored by Google Security Research, forshaw

The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process, giving access to the VBoxDrv driver, which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.

tags | exploit, arbitrary
advisories | CVE-2017-3563
SHA-256 | 354c5c8d7eae3710b64e963597225ed3690fa9c1db8f9c46391d756eae87a99d
Microsoft Windows IEETWCollector Arbitrary Directory / File Deletion Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-0165
SHA-256 | 430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8
Microsoft Windows Runtime Broker ClipboardBroker Privilege Escalation
Posted Apr 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0211
SHA-256 | 7c916e43984e060a2ac3129f24b582d32092c2278a75ff95dfbfab95fd72d2cf
Microsoft Windows ManagementObject Arbitrary .NET Serialization Remote Code Execution
Posted Apr 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2017-0160
SHA-256 | 2191c2cf58409ae65a711b869567e7f0086659f623a87e56f5ca19199ab839a9
Microsoft Windows CreateProcessAsUser Impersonation Token Bypass
Posted Apr 9, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffered from a CreateProcessAsUser impersonation token bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2015-0062
SHA-256 | 09f6d702f3536cf0e173c3346be71a21c9c9b6fc330fd573ea7a94b7397fe040
Microsoft Windows COM Session Moniker Privilege Escalation
Posted Mar 14, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0100
SHA-256 | dd8361b04b08bf0bdeff67321f010c8cc76f0542fe2db8f9df10c34ea03bfa2a
Microsoft Windows Limited Bypass Of Traverse Permissions In Kernel Object Manager
Posted Dec 1, 2016
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a limited bypass vulnerability related to traverse permissions in the kernel object manager.

tags | exploit, kernel, bypass
systems | windows
SHA-256 | 32be7de6302ee4b217899cde65689522ab4b525ef091f369b88b8e92da8f7841
Windows VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely delete files leading to arbitrary file deletion which could result in elevation of privilege.

tags | exploit, arbitrary
SHA-256 | 83a9ca054e84e9cb0b4edffe665f32711fdddafa66cced5b63b30ba0907cfc2f
Windows VHDMP Arbitrary Physical Disk Cloning Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.

tags | exploit, info disclosure
advisories | CVE-2016-7224
SHA-256 | ece66dd4e9a21d845f73e76160ee3d7d4ddb8db78f87bb255a2a71718d6d508c
Windows VHDMP Incorrect Impersonation Handling Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not correctly handle impersonation levels, making it possible to impersonate a privileged token when performing certain actions such as creating/modifying a VHD, leading to elevation of privilege.

tags | advisory
advisories | CVE-2016-7223
SHA-256 | 2dd3df095b5f804e247c897db2ccee0b7686f6aba635737c00ff269c7dd3eef9
Windows VHDMP Arbitrary File Creation Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely create files related to Resilient Change Tracking, allowing arbitrary file overwrites under user control and leading to elevation of privilege.

tags | exploit, arbitrary
advisories | CVE-2016-7226
SHA-256 | 47779f4011b5478d641f7b65e43f21241798700a262c616442aaa6c5144cb4a7
Windows Linux Subsystem Arbitrary File / Directory Creation
Posted Oct 22, 2016
Authored by Google Security Research, forshaw

The Linux subsystem on Windows suffers from a privilege escalation vulnerability that allows for arbitrary file and directory creation.

tags | exploit, arbitrary
systems | linux, windows
SHA-256 | 576672403eb9b021c3d3d7f01650822ca7bdd66497b93e4ba6035db60fe0ad18
Windows Edge/IE Isolated Private Namespace Insecure DACL Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has an insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3388
SHA-256 | 91dd2dafe62503e1402e801a11454398d381c47becea95deca59b0c271104cab
Windows Edge/IE Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as Chrome) or other users on the same system to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3387
SHA-256 | 68f3b1ea316257c0328816712b240f725ef353f02ec723df39644a2236351e6b
Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

NtLoadKeyEx takes a flag to open a registry hive read only. If one of the hive files cannot be opened for read access, it will revert to write mode and also impersonate the calling process. This can lead to elevation of privilege if a user controlled hive is opened in a system service.

tags | exploit, registry
advisories | CVE-2016-0079
SHA-256 | 1a8fcebf49504f53a251ec53b447f0516cf99661d4e5a20f9ace8c025cf0207b
Windows User Profile Service Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

Windows suffers from an elevation of privilege vulnerability in the User Profile Service.

tags | exploit
systems | windows
advisories | CVE-2015-0004
SHA-256 | 97b457125a6643a868963d6ea9692fdd8632b5b0be62f70275a4468c594484f5
Windows Diagnostics Hub DLL Loading Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The fix for CVE-2016-3231 is insufficient to prevent a normal user specifying an insecure agent path leading to arbitrary DLL loading at system privileges.

tags | exploit, arbitrary
advisories | CVE-2016-3231, CVE-2016-7188
SHA-256 | 8e920030b310b6dcf311c06b2b2e41ac897452fca01c6548f5350cbbaaf2d80c
Windows DeviceApi CMApi PiCMOpenClassKey IOCTL Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0075
SHA-256 | 9ed3cfad5f45a4826c3f4edfa4a900d6907941eae3d340562b9af0050fae92ae
Windows DFS Client Driver Arbitrary Drive Mapping Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DFS Client driver, which runs by default, insecurely creates and deletes drive letter symbolic links in the current user context, leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2016-7185
SHA-256 | 2638bfd1a02a94d1b2488c6813b4f4ecdb4390e08d2e42f584071f01073adce4
Windows DeviceApi CMApi Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token allowing a normal user to create arbitrary registry keys in another user's loaded hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0073
SHA-256 | 2e1231f4bf4a445eede4130d674c86c027caab38c9470a664b4e7bdf8a7fe1ea
Windows Object Manager Pathological Lookup EoP
Posted Oct 12, 2016
Authored by Google Security Research, forshaw

When performing an object name lookup, it's possible to exercise the worst-case lookup time for the object, leading to a single lookup taking multiple minutes. This can prevent a process being terminated on logout, which can be used to get access to other user sessions, especially on a terminal server, leading to EoP.

tags | exploit
SHA-256 | efafe27080f86d8c27daddca22497099ebc4caecbbe30af4c6f96f0137730c4b
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
SHA-256 | 8d30ef721f9061806e06019063b62bba9b734dca044a593c1486cd66752e5a4c