exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-09-18

Windows Task Scheduler DeleteExpiredTaskAfter File Deletion Privilege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Task Scheduler can be made to delete a task after it's trigger has expired. No check is made to ensure the task file is not a junction which allows arbitrary files to be deleted by the system user leading to EoP.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-2525
SHA-256 | c30785bf661d0d66daa78abe61a94c360587d6e66ae875cfc5a81dc4ec54b02e
Windows NtUserGetClipboardAccessToken Token Leak Redux
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The NtUserGetClipboardAccessToken win32k system call exposes the access token of the last user to lower-privileged users. It can also be used to open an anonymous impersonation thread token which normally OpenThreadToken shouldn't be able to do. This is a bypass of the fix for CVE-2015-0078.

tags | exploit
systems | linux
advisories | CVE-2015-2527
SHA-256 | 9bcf7274e363f1dc579d9ed68048a01019d56cc2f841f1a4a04c182389196296
Microsoft Office 2007 OGL.dll ValidateBitmapInfo Bounds Check Failure
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

A bounds check crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.

tags | exploit
systems | linux
advisories | CVE-2015-2510
SHA-256 | 05a60e7019067851141f1787a5bbda75454773b40b9acf97e8b754f2fad758fd
Microsoft Office Excel 2007, 2010, 2013 Use-After-Free With BIFFRecord
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability.

tags | exploit
systems | linux, windows
advisories | CVE-2015-2523
SHA-256 | 460bd27af88f7165a795d698b85d2e4cd8c83732200f70dc5c84e7b8e4818f79
Windows User Mode Font Driver Thread Permissions EoP
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The host process for the UMFD runs as a normal user but with a heavily restrictive process DACL. It's possible execute arbitrary code within the context of the process because it's possible to access the processes threads leading to local EoP.

tags | exploit, arbitrary, local
systems | linux
advisories | CVE-2015-2508
SHA-256 | f0ec77ee8811de8feb9edad30b69fae9734672773f9e5a37d08fdba2317cebd5
Microsoft Office 2007 BIFFRecord Length Use-After-Free
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

A use-after-free crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.

tags | exploit
systems | linux
advisories | CVE-2015-2520
SHA-256 | 3b2e620089c3777eb2d36942713f33cf68f9865e894dbaee83bdbdb3af57385c
Microsoft Office 2007 OLESSDirectyEntry.CreateTime Type Confusion
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

A type confusion crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.

tags | exploit
systems | linux
advisories | CVE-2015-2521
SHA-256 | 247823ed9395d266e8674965a149848a04a5b7380aa2bf3723839d71d6ca65a6
Farol SQL Injection
Posted Sep 18, 2015
Authored by Thierry Fernandes Faria

Farol suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-6962
SHA-256 | df6cc2ad04df2605a64ef148d68abc88d2f8585d578b3fc546581b6423ee7f3e
Microsoft Security Bulletin Revision Increment For September, 2015
Posted Sep 18, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for September, 2015.

tags | advisory
SHA-256 | 5f6f682ba4880eb8f48a1278d89725dd322fec002101dc9129c07563b29930a9
Windows CreateObjectTask TileUserBroker Privlege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is allows a user to set their account picture for the logon screen.

tags | exploit, shell, local
systems | linux, windows
advisories | CVE-2015-2528
SHA-256 | 6a43091589e97afa78001dc6e8f0c4e88aed1de975f8578e7b0706c3c45901f3
Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is a diagnostic class for setting synchronization implemented in SettingSync.dll.

tags | exploit, shell, local
systems | linux, windows
advisories | CVE-2015-2524
SHA-256 | 6aef4dd16b7085d61fe94cd118f3ece652f9cd33df0722b63a4bf31f53557554
Microsoft Exchange Outlook Web 2013 Information Disclosure
Posted Sep 18, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Outlook Web Access (OWA) does not properly handle web requests. A remote user can send a specially crafted request to the target web application to view potentially sensitive stack trace information on the target system.

tags | advisory, remote, web
advisories | CVE-2015-2505
SHA-256 | 9bdf7b9f1342306a29ba881af9aafb71cc796dc11f06d569ced59e02889dbd3f
OS X IOKit Kernel Memory Corruption
Posted Sep 18, 2015
Authored by Google Security Research, Ian Beer

An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2014-8836
SHA-256 | f3d2f3b8051f90b86f0cfd263f09f98a7e0e04c1e1fcff20c13e3ca8f318052c
iBooking CMS SQL Injection
Posted Sep 18, 2015
Authored by Cleiton Pinheiro

iBooking CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f940a1514994a822f9b19f66067c704407e5484e1dded2db9cec7600be48e779
Pentaho 5.2.x BA Suite / PDI Information Disclosure
Posted Sep 18, 2015
Authored by Gregory Draperi

Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.

tags | exploit, info disclosure
advisories | CVE-2015-6940
SHA-256 | 0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e
Adobe Reader X And XI For Windows Out-of-bounds Write In CoolType.dll
Posted Sep 18, 2015
Authored by Google Security Research, mjurczyk

Adobe Reader X and XI for windows suffers from an out-of-bounds write in CoolType.dll.

tags | exploit
systems | linux, windows
advisories | CVE-2014-9160
SHA-256 | 94d511f0b5c52532ba8c4998f0ae71bb9ef6d1788cd193c33ea257be138b259f
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close