This Metasploit module leverages a UAC bypass (TokenMagic) in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected.
3d550555fdb7911177d802cb18251bb90d83981e45b93f363dcca79c2f431810The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory.
60c28ef1ac35891f12da2b7098fca05a34362d8c69f7050055509277585d70abWapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
ee7d76549f3f237ce19d78280de108c705b1b1ecf62710a3a514ccacd508a5e8Ubuntu Security Notice 4956-1 - It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
cb5fb373169c8ba0b611b9138b1e83c585bf8948ce087b4e6cf1f5d4b0dddb29IPFire version 2.25 suffers from a remote code execution vulnerability.
93e5a0e715df1370e5ef4b121ef5e88d3d1b2edd883f84f7d0c7a2acf956835dBackdoor.Win32.Antilam.14.d malware suffers from a code execution vulnerability.
ed20b71c46922a7fe5b216bfa7ac95e8524f7861a42ff525a99c9cdc84d52739Advanced Guestbook version 2.4.4 suffers from a persistent cross site scripting vulnerability.
abcecfa3706e739e9dfa06925965c56bdd64b612b78ad0b986317b7a65f452deUbuntu Security Notice 4955-1 - Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a denial of service, or possibly escalate privileges.
c4dfad9391ee0a0f2fe3f6460d83e8a37b6f4368b05a464dce6bf256a0465d2eBackdoor.Win32.Agent.oda malware suffers from a buffer overflow vulnerability.
2c4a87ebd37e38d6ce8d228456cbbd252884f58cf41201a434b65b93f4c14650Backdoor.Win32.Danton.43 malware suffers from a man-in-the-middle vulnerability.
8ac600863e3f0fed2d5e51c9c026d779161eb1ea2cde43d0dd3dfe1cfda32919Dental Clinic Appointment Reservation System version 1.0 suffers from a cross site request forgery vulnerability.
18b92b16f9fc2a2009ab2e07d54b79f587f2259d0799f322589b2f15ee7bc7cdDental Clinic Appointment Reservation System version 1.0 suffers from a persistent cross site scripting vulnerability.
42e6fa4b9631e3e8ab217a87ad9975e8879ef0b318f20311c97176acbd85687eBackdoor.Win32.Danton.43 malware suffers from code execution and hardcoded credential vulnerabilities.
a6a99a600dfd0c6c9a069739459b3bc70c977421ec10cf8475e82741b8eeb3ebBackdoor.Win32.Agent.lyw malware suffers from a buffer overflow vulnerability.
6a30bd465d1512513932889a1a804ab0201d681769b354c4c260b7dca71be471Subrion CMS version 4.2.1 file upload bypass exploit that uploads a shell.
a8dc69971c84f2d358d2043b54d854b585028b195fc8de3cc1b57d75eb01c988Printable Staff ID Card Creator System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
0288a0ade6b292dcfaf2ed1475d9e81f48704f79276c587e97795e05a3fd85cfBilling Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Pintu Solanki in February of 2021.
25b099897c38e0ddaff2308cfd1337fd34b11049beb099e604bd657696024b66Ubuntu Security Notice 4628-3 - USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
9c7da2b2470de60b7a8d8d7efe50799848d6dbcea7454d96ae03812a657b6ddfBackdoor.Win32.Agent.cy malware suffers from denial of service and null pointer vulnerabilities.
8fa96d7ab7fa1faf3502cf442762cce78eb78154a1656244f619704bab4dc1c1Backdoor.Win32.Agent.cy malware suffers from insecure transit issues.
9b3875f23908e791ce3aa8338237d21541fa943bbd4bc7feebe8807b4135e93eMicrosoft Internet Explorer version 8 SetMouseCapture use-after-free exploit.
dc036f7561a91f3ec1de1adb5c4d23b74d6d6af8f98e8f05554baa77eae7a593
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed