| Email address | private |
|---|---|
| Website | hyp3rlinx.altervista.org |
| First Active | 2015-04-28 |
| Last Active | 2024-02-19 |
NtFileSins.py is a Windows file enumeration intel gathering tool.
f8aac1406e57d94df90e96d6fd328224c8b121eb8ae28317373383dcdea34c3dMicrosoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.
5e05030a16a75dc42812b10db9f0a4214eabae8a286c1c59d881691722d51c29This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.
c030abc642a4fc06451a399c9721d06640d3154f8771ff2127c3bd516db33192Microsoft Windows suffers from a PowerShell unsanitized filename command execution vulnerability.
5bf128419e761a002a979be67be908ac183d09b615d51b039f45e8ee8acc4abfTrend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.
ec40e8e4c37ffcdffc52766b407c3f23886bf51afda9cc17f1e5746fa1ddd54bMAPLE Computer WBT SNMP Administrator version 2.0.195.15 remote buffer overflow exploit with egghunter.
893fde7732f15b12f55e3084296bc66ba46e14f248cded34af92a00bcc8d6150MAPLE Computer WBT SNMP Administrator version 2.0.195.15 suffers from a buffer overflow vulnerability that allows for code execution.
12d0dde4c8e8a643ebd2d49aeade21afb7e3be518b853bea9886a03fd7857698Microsoft compiled HTML Help and uncompiled .chm files can be leveraged for XML external entity injection attacks.
5b366b813a8e6548ff87d56be406a5be2af24d4545f6160220a89f13e26612beMicrosoft File Checksum Verifier version 2.05 suffers from a dll hijacking vulnerability.
17fc362e8e18414dd114c21009fd8fff819c0c7c6e6e529a0ec24d3b4887e2ceThe HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.
e412776a5d16a5dbc331f537d80d4a3daeb9af8a5003301b054c2cf0df704e15When a Microsoft Word ".docx" File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is suppressed it makes the file seem harmless and the file can be masked to appear as just a folder etc. This can potentially trick user into running unexpected code, but will only work when you have an additional file of same name with NO extension on it.
18d464c17f780a09e712727343af4ef6b58086ae39ba369df2476dd841db2172Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the "trusted" PS file currently loaded and being viewed by a user in the host application. This undermines the integrity of PowerShell ISE allowing potential unexpected remote code execution.
0863fc7584b3c4dfd6c34bfc038de0305035af158c7ca97c8d46b0dea4ff2550This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact files.
61fc32618fc4266b946f0130bc44154af701a9c7982e3296bf93f3a548745f3dMicrosoft Internet Explorer 11 suffers from an XML external entity injection vulnerability.
d0d9c0120bc1bc43c93bc8ccd59c86cf132b3cf03c40d7227c89822c693a6e73The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.
3540f096cd299680245203510c761b4c9ab487884731e55a66d94f65a26f3c66CloudMe Sync version 1.11.2 buffer overflow exploit with DEP bypass for WoW64.
3343c0221cb885f3c36ac1405e8f04a31e4489b88140a1e1b13a5b4a5358cb82Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.
e16184bb657aebad54ac521372498653ef4ce63d19c5b150334e57414d202fdcMicrosoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.
4bab944a0b17daf7f0d90da83593812093fe9831c9e83e778ca90dee2aeb3463This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.
52e7fff8b2469f2e46e7461221da6fa33e56fb572f280f549b64f91c087847d7This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.
cd40c196b081548df5ccd00b20a2f8a7fb1342cbe28f554fa27954ed10eca754NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities.
a98260d96973f77023baa2984d22f2c53c26e72d88408163fbadc069bbb33da3D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity.
52c49a3a7607f161b4168d84b61bd33426cca6070383c6347c351b60ea7cade1Using a web browser or script server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
53baa0e6a12bb0ef14fad1c04c6d784940b40d49e5593d74db2b71aa5c26e072The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are originating from the D-LINK network running the afflicted FTP Server and not you. Version 1.03 r0098 is affected.
b4c780a65fbf4c9da691e430cf3ab77157fb42d84886375e480aa0fb88b21444A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected.
5017f9c736285c4def48333e34e95f0cc85a4c481b2df3b3524424ab4b0de654
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed