A use after free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists due to the fact that this function calls hdcOpenDCW(), which performs a user mode callback. During this callback, attackers can call the NtGdiResetDC() function again with the same handle as before, which will result in the PDC object that is referenced by this handle being freed. The attacker can then replace the memory referenced by the handle with their own object, before passing execution back to the original NtGdiResetDC() call, which will now use the attacker's object without appropriate validation. This can then allow the attacker to manipulate the state of the kernel and, together with additional exploitation techniques, gain code execution as NT AUTHORITY\SYSTEM. This Metasploit module has been tested to work on Windows 10 x64 RS1 (build 14393) and RS5 (build 17763), however previous versions of Windows 10 will likely also work.
d461ac15b5e26e34c254c715db3521b7fe5d55e6fa9001b97d36ac89cbec7782This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th 2021).
421ae743686547f1ecd98e3086fa9370482e6a9646a5f30c18b32491b7848309Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.
0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.
6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032bebThe call for papers has been announced for the 4th international workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS). It will be co-located with the ACNS2022 conference June 20 through the 23rd in Rome, Italy.
93e3635739ba0bfd607e2ca07b7aed66f2efbf31ba1d7bb6fb8e6f40b4743083Employee Daily Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
7baaedbc35778ecfe82b411690074dbf1c3c87dd3920665632baa5ac4ccdb346Employee and Visitor Gate Pass Logging System version 1.0 suffers from a persistent cross site scripting vulnerability.
5e96f5e3ec024a02debdada181a744c7c12d29a50ae1fe3333a358525b9b0ad2Whitepaper discussing the OWASP top ten and security of APIs. Written in Spanish.
5d6c059cffab55d95f06d12ecf6b042c525b6ac3c50432367d0c388815310a67Red Hat Security Advisory 2021-4593-04 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
f368e0bd409da19d17cad8637fb14018bb40c0e3898954b45527f1a056f85d64Red Hat Security Advisory 2021-4589-03 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
c2da39adbd4bb2a714987bd8e9f26772da5eb3ddf0a880f9d1c2d70199a428dfRed Hat Security Advisory 2021-4586-03 - The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
b30206a21a3ebeac43ba09de8fd87c2f8e056fa2e633fe8611e6775a2e6449caRed Hat Security Advisory 2021-4585-03 - The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
9a4c6e3a05d5ae4c6671077ad3a63188b2272be1c50b40c72166ab172015c838Red Hat Security Advisory 2021-4595-04 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
a4b4fd0f40e633268fb238c60a0c3924489f941b1cd591205041aee026c394acRed Hat Security Advisory 2021-4587-04 - The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
74ace7ac8e76ac73b5c7eabad1cb7afc039f927e6c4e12cbf552fe694404443fRed Hat Security Advisory 2021-4594-02 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
184ab5eaf8e6f1d050dbec977a418bf99400fc42dc842e7769c86c530677dec2Red Hat Security Advisory 2021-4601-04 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
63fdbe020741752e1c2693667bd0beca7df932889a5c13b1fd01a6eb43efed37Red Hat Security Advisory 2021-4605-03 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
7174623cd74de4d39aeedcadd0784ebb899d5e656741ac9329db468ebc0aadddRed Hat Security Advisory 2021-4590-04 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
7372af80f5f83fb57080da5e41339fbf09b4cf247874d918c9ec84ed156e1b23Red Hat Security Advisory 2021-4607-03 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
512060d650183ad9b499ca29fbbaae75872ff7b6386cb9a233685645b36f2964Red Hat Security Advisory 2021-4596-02 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
4c6f414ba04b8f4b7af932aaa2ce4d2695c6fc113cc42e03562194496b49cef6Red Hat Security Advisory 2021-4591-04 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
c0fe566b0f9279e86fa7cd35b8359ceb98ccdaec64f718e4e549eefa3f48d401Red Hat Security Advisory 2021-4592-04 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
8d3dd15983e5a0819a4745ca5ab7d18d288c94c7f4ff63b97d8959aadde6b20dRed Hat Security Advisory 2021-4597-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
260c11e7543d7f81b7e423491849ee1d8105268c7058936606d067d77da9f430Red Hat Security Advisory 2021-4599-04 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
b9eafaff6370d3dedc40f37ef1c3b1390ee8f3b28cf06dc78e736edffee93273Red Hat Security Advisory 2021-4582-02 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Security fixes: golang: crypto/tls: certificate of wrong type is causing TLS client to panic.
f28cc76ddb412145654050664da26602d7c4d62da2e36475367e140177eb756a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed