the original cloud security
Showing 1 - 25 of 57 RSS Feed

Files from forshaw

First Active2015-08-21
Last Active2017-05-18
Microsoft Windows ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0214
MD5 | 7824d2ba33b19311032329f4e36f8dea
Microsoft Windows COM Aggregate Marshaler/IRemUnknown2 Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0213
MD5 | 77406ac2d1bdd9f30ebc46435d3c30c1
Microsoft Windows Dolby Audio X2 Service Privilege Escalation
Posted Apr 24, 2017
Authored by Google Security Research, forshaw

The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2017-7293
MD5 | 335be82ee5239bb58196243435177028
VirtualBox 5.0.32 Windows Process COM Injection Privilege Escalation
Posted Apr 20, 2017
Authored by Google Security Research, forshaw

The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.

tags | exploit, arbitrary
advisories | CVE-2017-3563
MD5 | 827e5e747d1adace7588fea8541830f2
Microsoft Windows IEETWCollector Arbitrary Directory / File Deletion Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-0165
MD5 | 53897bcfcd358cb90680438311e7af9f
Microsoft Windows Runtime Broker ClipboardBroker Privilege Escalation
Posted Apr 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0211
MD5 | dd02594e7a493c6e99c615dcd3d00362
Microsoft Windows ManagementObject Arbitrary .NET Serialization Remote Code Execution
Posted Apr 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2017-0160
MD5 | b802a922b61e418d924ea6774ca4bc38
Microsoft Windows CreateProcessAsUser Impersonation Token Bypass
Posted Apr 9, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffered from a CreateProcessAsUser impersonation token bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2015-0062
MD5 | 67e8190e6dfce495fb12b9be530a5f0f
Microsoft Windows COM Session Moniker Privilege Escalation
Posted Mar 14, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0100
MD5 | 874f8adf85cf59c05d6c51147b5640ff
Microsoft Windows Limited Bypass Of Traverse Permissions In Kernel Object Manager
Posted Dec 1, 2016
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a limited bypass vulnerability related to traverse permissions in the kernel object manager.

tags | exploit, kernel, bypass
systems | windows
MD5 | 1cf598749090c0ba990679adca1f5b3a
Windows VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely delete files leading to arbitrary file deletion which could result in elevation of privilege.

tags | exploit, arbitrary
MD5 | cf4781183ffb73a29c60d739b40269ef
Windows VHDMP Arbitrary Physical Disk Cloning Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.

tags | exploit, info disclosure
advisories | CVE-2016-7224
MD5 | a811b9e9fd1f114f692f1e2497c401f9
Windows VHDMP Incorrect Impersonation Handling Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not correctly handle impersonation levels leading to the possibility of impersonating a privileged token when performing certain actions such as creating/modifying a VHD leading to elevation of privilege.

tags | advisory
advisories | CVE-2016-7223
MD5 | aa7026f26462d80ce8c2c8e8aec38ed0
Windows VHDMP Arbitrary File Creation Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely create files related to Resilient Change Tracking leading to arbitrary file overwrites under user control leading to elevation of privilege.

tags | exploit, arbitrary
advisories | CVE-2016-7226
MD5 | ffa87b52eeaf7af18b7cf72474d60fef
Windows Linux Subsystem Arbitrary File / Direction Creation
Posted Oct 22, 2016
Authored by Google Security Research, forshaw

The Linux subsystem on Windows suffers from a privilege escalation vulnerability that allows for arbitrary file and directory creation.

tags | exploit, arbitrary
systems | linux, windows
MD5 | 89ef94a56b1eee79bce2ee22bfdea4c5
Windows Edge/IE Isolated Private Namespace Insecure DACL Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has a insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3388
MD5 | 3a58a4a032f194f64df76ef97f1864dd
Windows Edge/IE Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as chrome) or other users on the same system to gain elevated permissions on the namespace directory which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3387
MD5 | 04ae222ed5d576af27590135025693ee
Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

NtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.

tags | exploit, registry
advisories | CVE-2016-0079
MD5 | 1df9217976f58a92f0a890a61a8508f2
Windows User Profile Service Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

Windows suffers from an elevation of privilege vulnerability in the User Profile Service.

tags | exploit
systems | windows
advisories | CVE-2015-0004
MD5 | 6d809c061e7b0de9c103632a0f395ecd
Windows Diagnostics Hub DLL Loading Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The fix for CVE-2016-3231 is insufficient to prevent a normal user specifying an insecure agent path leading to arbitrary DLL loading at system privileges.

tags | exploit, arbitrary
advisories | CVE-2016-3231, CVE-2016-7188
MD5 | c4ff8d0dc654ac405a128ddd41d0c703
Windows DeviceApi CMApi PiCMOpenClassKey IOCTL Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0075
MD5 | 911d8189dbd28b3831aea3acd9cf75ab
Windows DFS Client Driver Arbitrary Drive Mapping Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DFS Client driver and running by default insecurely creates and deletes drive letter symbolic links in the current user context leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2016-7185
MD5 | 6067edffeec1116597601eefb3a08a30
Windows DeviceApi CMApi Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token allowing a normal user to create arbitrary registry keys in another user's loaded hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0073
MD5 | e4cb23364b93db7f73f47786db17ed0b
Windows Object Manager Pathological Lookup EoP
Posted Oct 12, 2016
Authored by Google Security Research, forshaw

When performing an object name lookup it's possible exercise the worst case look up time for the object leading to a single lookup taking multiple minutes. This can prevent a process being terminated on logout which can be used to get access to other user sessions, especially on a terminal server leading to EoP.

tags | exploit
MD5 | 402e271cbf31e9ffa53abd2f90b43f8b
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
MD5 | c98bf881446f8ad002f5877c3b3523e7
Page 1 of 3
Back123Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close