
Operating System: Windows

Apple Security Advisory 2017-12-13-4
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 954cddeb76ad1d345aff418d5cf66c6d
Apple Security Advisory 2017-12-13-3
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple, 7
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 4a311c787e7cbdff236c940b272c076a
Keeper Privileged UI Injection
Posted Dec 15, 2017
Authored by Tavis Ormandy, Google Security Research

Microsoft Windows 10 is forcibly installing the Keeper password manager, which injects privileged UIs into pages.

tags | exploit
systems | windows
MD5 | cffd7bc598b1b7d4cd593b6b402424e4
Fortinet FortiClient VPN Credential Disclosure
Posted Dec 13, 2017
Authored by M. Li | Site sec-consult.com

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in the registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world-readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.

tags | exploit, registry
systems | linux, windows, apple
MD5 | 515984bab47162e05e8a7da2b63fa483
PS4 Remote Play 2.5.0.9220 DLL Hijacking
Posted Dec 13, 2017
Authored by Maelstrom Security

PS4 Remote Play version 2.5.0.9220 suffers from a DLL hijacking vulnerability.

tags | advisory, remote
systems | windows
MD5 | 75dc08c32f295ed4d0c576c54e2e2294
Wireshark Analyzer 2.4.3
Posted Nov 30, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple dissector crashes are addressed. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | db15593d518008dd8a870f4f05dbb828
Windows Defender Controlled Folder Bypass
Posted Nov 30, 2017
Authored by James Forshaw, Google Security Research

Windows Defender suffers from a controlled folder bypass through the UNC path. Affected versions include Windows 10 1709 and Antimalware client version 4.12.16299.15.

tags | exploit
systems | windows
MD5 | a7c30a5ca5f72bced3e65bfc017e3f47
JTempest Windows ExtIO 32-Bit
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.

tags | tool
systems | windows
MD5 | 9b499cdf0b7d0e6ff6c9c1e964e83781
TempestSDR RTL-SDR Fork
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Defined Radio (SDR) front-ends and a Java-based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.

tags | tool, java
systems | windows
MD5 | 7268b9390d5f385f817cf0264ef9b197
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal.

tags | advisory, kernel
systems | windows
MD5 | bba9e21920f1470c2c04ff12bffe0c98
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

The win32k!NtQueryCompositionInputQueueAndTransform system call may disclose portions of uninitialized kernel stack memory to user-mode clients on Windows 10.

tags | advisory, kernel
systems | windows
MD5 | 0d2ef075cd05432e7108cc59cee1953c
Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11853
MD5 | df47cad4c0563e46c4d01e39c825ee89
Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.

tags | exploit
systems | windows
advisories | CVE-2017-11831
MD5 | 819fa28825ba821d4b6515b916dd256a
Microsoft Windows NTFS File System Metadata Disclosures
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11880
MD5 | 82f8fc385cb8e1d9907a4dbdb347c2e4
HP Security Bulletin HPESBMU03795 1
Posted Nov 16, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03795 1 - Security vulnerabilities have been identified in HPE Matrix Operating Environment (MOE) on Windows. The vulnerabilities could be exploited remotely resulting in Unauthenticated Disclosure of Information and indirect vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2017-8970, CVE-2017-8971, CVE-2017-8972, CVE-2017-8973
MD5 | 8648dae01365e70268230cec0d45ef55
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Anti-Virus Privileged File Write
Posted Nov 15, 2017
Authored by Florian Bogner

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part ("the UI") to restore files from the virus quarantine with the permissions of the privileged user mode part ("Windows service"). This may result in a privileged file write vulnerability.

tags | exploit, kernel, virus
systems | windows
MD5 | 7862227fbd0c9e346e9689c3307fcd0a
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
MD5 | a6b220a3915564ca47ef1ce14c453651
Datto Windows Agent Remote Code Execution
Posted Nov 9, 2017
Authored by Michael Brumlow, Brian Vincent

Datto Windows Agent suffers from multiple remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2017-16673, CVE-2017-16674
MD5 | 676d485c422ed3c22a813b3845e1997a
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
MD5 | e8d2e4d615be10d88bf8b20b6b549143
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
Posted Nov 6, 2017
Authored by Himash N

Dialog Mobile Broadband version 23.015.11.01.297 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d50ba80bd092d2bcf2040522c57ed047
MIMEDefang Email Scanner 2.83
Posted Nov 1, 2017
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Minor tweaks to the sample filter. Updates to mimedefang-multiplexor. Various other updates.
tags | tool
systems | windows, unix
MD5 | 77b2f2178727dc600a9c1cf075b0ecd8
Apple Security Advisory 2017-10-31-7
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 26891f75fd57c0122ac654f4a17c984c
Apple Security Advisory 2017-10-31-6
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-6 - iTunes 12.7.1 for Windows is now available and addresses multiple code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 4a902dbb65b5e5fff878166c822f5799

© 2016 Packet Storm. All rights reserved.
