exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
98a9960106f1cef1cf55ce4666251455This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.
2610f1f8b017ac3a538d7e379b554592This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.
07522a05b37456d4fcb66eb0e429685aThe Microsoft Windows MSHTML Engine is prone to a vulnerability that allows attackers to execute arbitrary code on vulnerable systems because of improper validation of specially crafted web documents (html, xhtml, etc).
f319a8657955eabd715a9358f82d0668Debian Linux Security Advisory 4406-1 - Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.
17e85027c8b215cf2925edc737d2cdc5The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.
105ff93a7fefdb9d6ae572f2070820c3A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
61e40633787cc4e53f3c37f19e049211Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
258d62ac7434d126dc497303c8f7961bWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
6d0545309cace70e51f5555a3a966fbcSolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation.
2d9d1dea8fb44a6520cc80fea10a1f4095 bytes small Microsoft Windows x86 msiexec.exe download and execute shellcode.
d6a5ef36584bc7f03da85c23688df1f2R version 3.4.4 local non-SEH buffer overflow exploit for Windows XP SP3.
db8103189a864d8a8c0b76e3ae669ef3Apple Security Advisory 2019-1-24-1 - iTunes 12.9.3 for Windows is now available and addresses code execution and cross site scripting vulnerabilities.
f89b50f56fffdb5c4ded7a32cf3242c8Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.
8da8aed6efa36cf9b75b407094e89ecdApple Security Advisory 2019-1-22-6 - iCloud for Windows 7.10 is now available and addresses code execution and cross site scripting vulnerabilities.
b0d0f9d052deb479899f3c8c28becb98Microsoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.
094fed868f7fb979125879d67bb9e5a4Whitepaper called Windows Debugging 101. Written in Portuguese.
f6aed0ddc09c84c5c00bbef67d3c2fa6This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.
400f7619bf34f3975072761dde4b36b7A number of Partial Trust Windows Runtime classes expose the XmlDocument class across process boundaries to less privileged callers which in its current form can be used to elevate privileges and escape the Edge Content LPAC sandbox.
397ad74317743a7207220aa6b8785b70Microsoft Windows suffers from a COM Desktop Broker privilege escalation vulnerability.
33bec631eeba1af2a94a0e9dbba06bd0Microsoft Windows suffers from a Browser Broker cross session privilege escalation vulnerability.
229198c64a95f918f122595f4ee355a9Microsoft Windows suffers from DSSVC MoveFileInheritSecurity privilege escalation vulnerabilities.
66e30ac5fe6b293e058c5267f533b4efMicrosoft Windows suffers from a DSSVC CanonicalAndValidateFilePath security feature bypass vulnerability.
47b391aa29c8007a02ea421b578013c9Microsoft Windows suffers from a DSSVC DSOpenSharedFile arbitrary file delete privilege escalation vulnerability.
b222cf88f9572d3d9f640ba2ca02e3d4Microsoft Windows suffers from a DSSVC DSOpenSharedFile arbitrary file open privilege escalation vulnerability.
bb2e921fb41ce1f0d91dd85e884db5f2
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed