Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.
e3dd973532e4f2d060b4d0b153971e8ddc2cc77a366635af649f3f1227c276e5This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.
cf93b4b95c23f5407ba012edff8b93021d9cf2a529de505d5f968bbc6cf64f26This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.
b0b67649c40ca029b22826b4a8885851ba50ca7ed212e036f2e5e4e0db93816fA vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication thereby enabling a remote attacker to add, modify, or delete snapshots schedules and consequently run arbitrary code under the context of the SYSTEM user.
3652171caf78ee8bd5e8d4dffd1352e18b45cce0e160d428be5706660113a647A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard HP-UX operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function sw_rpc_agent_init (opcode 0x04) defined in swagentd. Specific malformed arguments can cause function pointers to be overwritten and thereby result in arbitrary code execution. HP-UX version 11.11 is affected.
1abafcb5cb1fcc5bbd807612d35e37e220db81abb0400e3292c7281a2cc6fb90A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.
7ad73b80c43474accf67595197f54a090063d04177565333581b8946b1c2a6f3Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. The specified size is added to without any integer overflow checks and can therefore result in an under allocation. A subsequent memory copy operation can then corrupt the heap and eventually result in arbitrary code execution. Novell NetMail version 3.5.2 is affected.
2ef213b576dde799161a7dca2bb9007bbc157e7e6026f89a655e0f020974aebdCA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables result in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.
af2e7b4fea5306f492b6105526815249c897430e2fe51c525fc855c05e67e2abA vulnerability allows attackers to arbitrarily access and modify the file system and registry of vulnerable installations of Computer Associates BrightStor ARCserve Backup. Authentication is not required to exploit this vulnerability.
89357d202a32023d98793264bbd1c28ee69a7876f29b486362f1a58bd9882ed5A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.
81c3eb66a83ea337ccd5a2db389db399942be188bee24be99a592d845a95a2b3A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauth_gss_validate() function. By sending a large authentication context over RPC, a stack based buffer overflow occurs, resulting in a situation allowing for remote code execution.
4f27736766dd291c21626e29d205e6321ce49701a70947701679ef544a592165Multiple vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability.
4fabf17e8a6037fcebff9801b177d7995d77e164d24c51c3be60700274a2dd29A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. BakBone NetVault Reporter version 3.5 prior to Update4 is susceptible.
c3eba9e3a239ceea1a75f4975440e4f47f2979ceeb1fcddc729b4d6201491bbcA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.
5f051d451b1cb655c302560bb76e182d99aa01278266b8298e9a10f46856cb50
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed