what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 6,639 RSS Feed

Operating System: Windows

Hunting Down The HVCI Bug In UEFI
Posted Mar 14, 2024
Authored by Satoshi TANDA, Andrea Allievi | Site tandasat.github.io

This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.

tags | advisory, arbitrary, kernel, root, code execution
systems | windows
advisories | CVE-2024-21305
SHA-256 | 9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355b
Backdoor.Win32.Emegrab.b MVID-2024-0675 Buffer Overflow
Posted Mar 14, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Emegrab.b malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | c0d8137645859e14608a0b7a84c3cadd70d3be3e7d59a937b20c600dbcc88162
Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution
Posted Mar 11, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | 72378386669ae9759edcef742e72bbceb8bebb4fef342a5fb8f58cf8290dd75a
Red Hat Security Advisory 2024-1203-03
Posted Mar 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1203-03 - The components for Red Hat OpenShift for Windows Containers 9.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2023-5528
SHA-256 | 949fbe611112995312a21e905528d00484f0a440915ad36ba225e2cb84799929
SumatraPDF 3.5.2 DLL Hijacking
Posted Mar 4, 2024
Authored by Krishna Vamshi Katta Rokkaiah

SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.

tags | exploit
systems | windows
advisories | CVE-2024-25884
SHA-256 | b54fc4aa8aa9cd1b68c0fee0e8f8f071f44a503ec283e0947fb0c29cce53475a
Qognify VMS Client Viewer 7.1 DLL Hijacking
Posted Mar 4, 2024
Authored by Sandro Einfeldt | Site sec-consult.com

Qognify VMS Client Viewer version 7.1 suffers from a local privilege escalation vulnerability via DLL hijacking.

tags | exploit, local
systems | windows
advisories | CVE-2023-49114
SHA-256 | fdb1bbc1d16c28cae32902f7d1fe190a3d993b678a937d26c6c7a57c07f09736
Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution
Posted Feb 29, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | b6b18194f2e689d34f31467983fac3c6ef3ca487f56d307bb7a3aba5b961cffd
Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential
Posted Feb 29, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Jeemp.c malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 5e4ddaa4fb20fd54762a11e5e3b4f3336161f26cd683100a9b9009e19ba332e0
Red Hat Security Advisory 2024-0954-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2023-5528
SHA-256 | b30c62396fd2061eed0ac23a59b4a56c6bf20a79bab17aaa66538177c1f1e0e8
Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution
Posted Feb 26, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | 01433d0ad222e5da0927202b151b19c29afd6ce5f59f4e0b3302a97ed91a29bb
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path
Posted Feb 24, 2024
Authored by LiquidWorm | Site zeroscience.mk

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

tags | exploit, arbitrary, local
systems | windows
SHA-256 | 7820f9f7d9af81913956c26707d4acc215ad499c129864227adf8ac1f2345e47
Backdoor.Win32.Armageddon.r MVID-2024-0670 Hardcoded Credential
Posted Feb 24, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Armageddon.r malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | a63aee2a17b2de0fd0b66bd203d4a2c97938d4d3f44312228c88c11909ae9131
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Microsoft Windows Defender / Detection Bypass Part 3
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.

tags | exploit
systems | windows
SHA-256 | 09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0
Wireshark Analyzer 4.2.3
Posted Feb 15, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 20 bug fixes along with updated protocol support for ASAM CMP, CAN, CFLOW, CMIP, CMP, DAP, DICOM, DISP, E2AP, GLOW, GOOSE, GTP, GTPv2, H.225, H.245, H.248, HTTP2, IEEE 1609.2, IEEE 1722, IPv4, IPv6, ISO 15765, ISUP, ITS, Kerberos, LDAP, MMS, NBT, NRUP, openSAFETY, P22, P7, PARLAY, RTMPT, RTP, SCSI, SOME/IP, T.38, TCP, TECMP, TFTP, WOW, X.509if, X.509sat, X.75, X11, Z39.50, and ZigBee Green Power.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811
Windows Defender Detection Mitigation Bypass
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

tags | exploit
systems | windows
SHA-256 | e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1
Sumatra PDF 3.5.2 DLL Hijacking
Posted Feb 5, 2024
Authored by Ravishanka Silva

Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2024-24528
SHA-256 | 260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061
Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow
Posted Jan 31, 2024
Authored by malvuln | Site malvuln.com

Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow, trojan
systems | windows
SHA-256 | 2b3c4192b5308c166c2374b9f23ce4208ceaa4819ae053e8b33695622996db4a
TrojanSpy Win32 Nivdort MVID-2024-0668 Insecure Permissions
Posted Jan 22, 2024
Authored by malvuln | Site malvuln.com

TrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 07b40fbb6021397864a451ae058f9ce4a25bc6a349ce285a033ab5429f0d1070
Microsoft Windows Registry Predefined Keys Privilege Escalation
Posted Jan 11, 2024
Authored by Google Security Research, mjurczyk

Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.

tags | exploit, local, registry
systems | windows
advisories | CVE-2023-35356, CVE-2023-35633
SHA-256 | a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945
Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL
Posted Jan 10, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.

tags | exploit
systems | windows
SHA-256 | 025b315fe5e6131bdb0582d4066dabd2e50db6a7fe60aaa367ddf178890a85fb
Gom Player 2.3.92.5362 DLL Hijacking
Posted Jan 8, 2024
Authored by Yehia Elghaly

Gom Player version 2.3.92.5362 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 3b86a83865a5eabbeaa6e7374d0b4994c1e422270e96ab7244267a22d93adcaf
Wireshark Analyzer 4.2.2
Posted Jan 5, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 5 vulnerabilities and 23 bugs have been fixed.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2024-0207, CVE-2024-0208, CVE-2024-0209, CVE-2024-0210, CVE-2024-0211
SHA-256 | 9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521
Themebleed Windows 11 Themes Arbitrary Code Execution
Posted Jan 5, 2024
Authored by Spencer McIntyre, bwatters-r7, gabe_k | Site metasploit.com

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.

tags | exploit
systems | windows
advisories | CVE-2023-38146
SHA-256 | 44f044cbc901c8010a0b6712cedc87c1cc39134506044dd22466b8aac564f4b8
Page 1 of 266
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close