Files Date: 2020-12-09

Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting, which allows for an arbitrary file to be cached signed, leading to a bypass of UMCI.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17139
SHA-256 | f7187a580ed5ddc20b2b930a86832d7b24cd31f5db3e5cf9d99b3c13774e00ee
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
SHA-256 | 74dc9ea6b122383e9da88cbc95551409a14569942eda9298a95b7107c556d891
Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels, allowing a user to bypass security checks.

tags | exploit
systems | windows
advisories | CVE-2020-17134
SHA-256 | ab13f889be67421c34dededae4d0f04228ed04132587c76532ade86b69862f9a
Microsoft Windows Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17136
SHA-256 | 9a3290c879be49aca14a16284ca357134f4661368bf483256ce8149957daef11
Ubuntu Security Notice USN-4666-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
SHA-256 | ca307b3cc7daa751ba08483ab5e7378fedd25111458b26668ab00e31deed2094
Ubuntu Security Notice USN-4665-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address, which could be used to perform port scanning and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
SHA-256 | f42cebdc9249a10007d5ed4497b419dfe126d209b753fc8f3f5fab08098f9e05
Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption
Posted Dec 9, 2020
Authored by Tess Sluijter

Tibco ObfuscationEngine version 5.11 uses a fixed key for decryption operations, making it pointless.

tags | exploit
SHA-256 | 66a9bf20848c877ae45bd91ca0f25382c067fd4643bd9854dba825cb879670bc
Ubuntu Security Notice USN-4664-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-16128, CVE-2020-27349
SHA-256 | 8fb25a4190ab9202f679adaca9e52aadb288fa34516bb30382c77935da9ea6a8
Task Management System 1.0 Cross Site Scripting
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 73cc366f8b928915f63caf49118ce3855d1be06c3d5ac9aae4ce828535f32214
Task Management System 1.0 Shell Upload
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 8269463dc2bcbd5a12d4e0eb1384cb71bd0220bfe436281562d73633822bc167
Task Management System 1.0 SQL Injection
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9cbde0eed9c9ff2185f4ff9a1b40b984378ba5de3a8ea38f2f042a18c5ed5f39
Ubuntu Security Notice USN-4663-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-29385
SHA-256 | f07e2a7fe1a40f36edcf1e4be14bb23b4328ddb93f5876cd4a3a978e7031d1df
SmarterMail 6985 Remote Code Execution
Posted Dec 9, 2020
Authored by Soroush Dalili, 1F98D

SmarterMail build version 6985 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-7214
SHA-256 | 03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443
Employee Performance Evaluation System 1.0 Insecure Direct Object Reference
Posted Dec 9, 2020
Authored by Manish Solanki

Employee Performance Evaluation System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | d7feffe6b7df4745ecce3ee15eecee5fc99d74a154cfa8859c6376490c477665
Ubuntu Security Notice USN-4662-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4662-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing an EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1971
SHA-256 | ad69a5c289631b5ea671af75ccefd8d00c743c1eb3e64a5f603b7886482c735e
Dup Scout Enterprise 10.0.18 Buffer Overflow
Posted Dec 9, 2020
Authored by Andres Roldan

Dup Scout Enterprise version 10.0.18 SEH remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | c4d6fee64413a3c7a642d337cf095b6abb35c0da47f5a6f92a8d2a8a946292dd
Mobile App Security
Posted Dec 9, 2020
Authored by SunCSR, Nghia Van Le

This is a brief whitepaper discussing best practices in mobile application security.

tags | paper
SHA-256 | b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748
© 2022 Packet Storm. All rights reserved.