On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
1ad1fd11e41df6d259aeb00e3e6cc367Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
8aa7b8c8ce0b6ce4256a081493819d6fThis Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.
8a992cc20fa2660fbd011bbae7fa991cApple Security Advisory 2018-10-08-2 - iCloud for Windows 7.7 is now available and addresses code execution vulnerabilities.
6ea4e06a91c7ab3be1a284ea0c10eab3This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.
6d71ad614ad723a5e3774b3af8fa38d7A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
40fda4c2a16f2e00046340df84539054Apple Security Advisory 2018-9-24-2 - iTunes 12.9 for Windows addresses code execution and memory corruption vulnerabilities.
e60ee5bf120f5fe1b7c16631dd116fd8On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.
75182edcb972e293d73fef17dd332fccMicrosoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.
4f74d58bd627bf009b466bba6d3ced66Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
ec7d5c98907d960bda7e631701207804Microsoft ADFS 4.0 Windows Server 2016 suffers from a server-side request forgery issue.
b9b1736724cd7a4fe104163dea8f32adTor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
cf495bd49850c516bb8103c472dcfa4dMicrosoft Windows Explorer suffers from an out-of-bounds read denial of service vulnerability.
763c33cf352ce6e1f99971f4a1863dc9Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
716100be9027e735bba82a40db828abc50 bytes small Windows/x64 (10) WoW64 egghunter shellcode.
2faba3b212b6eb54df90ce13b7ff49ffMicrosoft Windows Advanced Local Procedure Call (ALPC) local privilege escalation exploit.
dd5537a9a63d2a59cbd7132605107e01There is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.
b2cf3dec9e5bd796bccbeb593fafdabdWindows 10 Diagnostics Hub Standard Collector Service suffers from a privilege escalation vulnerability.
5520736f51585790b67e4af78de7b934Easy RM to MP3 Converter version 2.6 stack buffer overflow exploit for Windows 7.
3e5fc628c09315d1b9ac22be64dc475aVMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.
b40331424283676a792f9c3b3bfd9373Microsoft Windows suffers from an SCF open file security warning feature bypass vulnerability.
6040e3240487f072def3a3791d8f65ffSMPlayer version 18.6.0 suffers from a dll hijacking vulnerability.
c560ece532c95ec9632fd2dcbade1e00Sidify Music Converter version 1.2.9 suffers from a dll hijacking vulnerability.
bbebec39f6f30063c8482128511ef045Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability.
c481ba1c8cfdb5ac306d51bfefbf9590VMWare Player version 12.5.9 suffers from denial of service and privilege escalation vulnerabilities.
7c7fe612150cceaf8be1320706d1c05c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed