This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.
0804ff3bfe957376a4af71aa3919154f
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
c20eeab4dd860ac9257465f8be814d6a
This is a proof of concept exploit that demonstrates the SMBleed remote kernel memory read vulnerability.
158c02865ebd54cc54aad47af76b281d
This proof of concept exploits a pre-authentication remote code execution vulnerability by combining SMBleed with SMBGhost.
3dbbc830a0e476d380e1321d4b64dca0
124 bytes small ASLR deactivation polymorphic shellcode.
68fed31edbc95b6538cd08d866de9910
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This tool checks for the vulnerability.
a036cedcc6cedbeb209a55f7ef24a4c3
Red Hat Security Advisory 2020-2529-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
a32a97559b64920d377db643262fdf70
Red Hat Security Advisory 2020-2530-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
a6f286fafa9de857d49c1b1ce56dde14
Red Hat Security Advisory 2020-2512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
6ae3684792ea5e46310d164cff36afb4
Red Hat Security Advisory 2020-2513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
f60382f39d2b3da9f6462cf5e18acbbe
Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
7ac0e9043d310fdbb32125b0375259d7
Red Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
a7f3ca4fe0a622005fd6907f881ebb08
Red Hat Security Advisory 2020-2521-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability.
040f1f81ae925b2a5f760184934d1f4d
Red Hat Security Advisory 2020-2522-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, double free, integer overflow, memory leak, null pointer, and use-after-free vulnerabilities.
89f1f9cf40446f2816ba9234dd52e3de
Red Hat Security Advisory 2020-2519-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include null pointer and use-after-free vulnerabilities.
7a27e5e90084fb32e8c414affd1f5227
Red Hat Security Advisory 2020-2520-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.
4f2043d89624a3b0bc6068bdd58603db
Red Hat Security Advisory 2020-2516-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include buffer over-read, denial of service, and information leakage vulnerabilities.
28d7fb38204009a6b3abbe3c9f4b7e79
Ubuntu Security Notice 4385-2 - USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family from booting successfully. Additionally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. Various other issues were also addressed.
e73d5f6c4c88bce23e85bfb3e434f4f6
Red Hat Security Advisory 2020-2515-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
a92136b97024b3e83053fdba24cb5e05
Red Hat Security Advisory 2020-2511-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
147754d9b2c0090148b168053a4b7b5a
Red Hat Security Advisory 2020-2508-01 - Expat is a C library for parsing XML documents. Issues addressed include buffer overflow and integer overflow vulnerabilities.
92dedaaa3704e44c025fd64608fe4705
Red Hat Security Advisory 2020-2505-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
04882ecd26e1dc285ccb37c592f2143d
Red Hat Security Advisory 2020-2509-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
43813be586c96e18b321c591e23a1f8f
Red Hat Security Advisory 2020-2486-01 - The unzip utility is used to list, test, and extract files from zip archives. Issues addressed include a denial of service vulnerability.
0227ea11f7ba1503afedb28192d2657c
Red Hat Security Advisory 2020-2506-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
cc3576a7c5117d92cf57a7b8dcbb21bd