This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.
881389db7516cd93002413a591d878987421d6e664f4be1ea349fe9d3d4000cfhaveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
8ac19e909bfd2ca54430773844f5e728f0d6f15e18091988e75c838b7343ca34This is a proof of concept exploit that demonstrates the SMBleed remote kernel memory read vulnerability.
0af6adccbaa14f46fae84ec9b385edc67b8dfd138dd74de61102046328ddd506This proof of concept exploits a pre-authentication remote code execution vulnerability by combining SMBleed with SMBGhost.
ccd8ef1a4d15dca93a5b578e4d4dbbcff2f63e8252444be08bccf20fe2d7a55d124 bytes small ASLR deactivation polymorphic shellcode.
f35cfa4088dc8782ee00e5aec94711939df5ad8baab85cfcf1521e6a2ed57337The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This tool checks for the vulnerability.
74417ee5e3a7179a22e86e5d705efe713b327750125d3e74e051f826677f640cRed Hat Security Advisory 2020-2529-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
6ea8239ae1b0f8945b80aa7f592e1eb4821f3bd6dba7f94b7ba6dd99688023c6Red Hat Security Advisory 2020-2530-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
3986f36b9e430d29eba185045adfc2f7f571b61c422bc68975c7ca7df03228f2Red Hat Security Advisory 2020-2512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
b48123594743d0a1863f693ce7f2c17d17d4ea017f6917ad39102d94f52cd13cRed Hat Security Advisory 2020-2513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
a2668962b6b2e043d309bf5d68dd0c0af147e2d10093c6c0608a0cf5de4d0536Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
fbfa3ba2771ca3d2c3032055cbc5daf2cd75681af6e4354f70742b1030e2f63eRed Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
5859bd4dc9842ce8ad71eb33e4bacf18fed875d7b192627c580c22fb4c19d266Red Hat Security Advisory 2020-2521-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability.
1a7416767dac8336e19763430399c62f0935e1519c304477470867dc302004acRed Hat Security Advisory 2020-2522-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, double free, integer overflow, memory leak, null pointer, and use-after-free vulnerabilities.
e4e407d5d11456415fbd17c67e612fad4cfe0d3826d8690e6621a9db97576147Red Hat Security Advisory 2020-2519-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include null pointer and use-after-free vulnerabilities.
6cfc0f58090649f9090185b8c992ea7ea3a4d17ae7494207f5a23d75df1ee10aRed Hat Security Advisory 2020-2520-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.
d87cfddcf612ac9bf22c26a297c9f8853a61ae1670bca335c161610a7d81e247Red Hat Security Advisory 2020-2516-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include buffer over-read, denial of service, and information leakage vulnerabilities.
ee1a32c1d2278327d43303d387c22a1abeab2f85a6e3bf9c19b247078ac3e55fUbuntu Security Notice 4385-2 - USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family from booting successfully. Additionally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. Various other issues were also addressed.
7a5311fd9395be788d4e44d398fc8710567f10630e93a9fd8de402cbc949634bRed Hat Security Advisory 2020-2515-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
1c85f7b1237e357aa3d0c7411dc4c64d3dd58bc597ba01c3db3c76df802c3decRed Hat Security Advisory 2020-2511-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
b742dea6ba4231ecf4c41851c05a9bf0158397a8034c4b4a7dd27933da9ab78eRed Hat Security Advisory 2020-2508-01 - Expat is a C library for parsing XML documents. Issues addressed include buffer overflow and integer overflow vulnerabilities.
9a6d17df60036e1782ffc0e0407b2b4f72d76ef26f8cd29c1c5450d1f3a38fa0Red Hat Security Advisory 2020-2505-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
9af881c5b1f38db9041445864403af20a6329e9e571f98946b21abaa0d85dfa2Red Hat Security Advisory 2020-2509-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
ec522dbde4e24e430dfeeda0dd7ff7293535495da966add56394d87e054d2c29Red Hat Security Advisory 2020-2486-01 - The unzip utility is used to list, test, and extract files from zip archives. Issues addressed include a denial of service vulnerability.
67d45e37d3aca729a801c792b4314ef8504285430b33381e55939eaf735e3e70Red Hat Security Advisory 2020-2506-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
a8ecd6fa2f10502b15c65a9331f1f580113eb942a43faddf5b1bd51c8f250c6b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed