Red Hat Security Advisory 2024-6734-03 - The components for Red Hat OpenShift for Windows Containers 7.2.2 are now available.This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
be505ca2f3802cff25f63ab64134208833ab546ae1e49eddd55ed15bf211b2ad
Backdoor.Win32.CCInvader.10 malware suffers from a bypass vulnerability.
7f8fbab739d2fc6fb8f975250a5f1be05abc1adfae0b192591971bf6f66b9101
Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678e
Backdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.
145f23a8746541655af47b6cc26039a64ce706d01053710c1a2fcdd7dc5aa7a8
CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66
This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7d
This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445
Red Hat Security Advisory 2024-6461-03 - The components for Red Hat OpenShift for Windows Containers 8.1.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a94249ed049993a7bc563b3b10bb0d96714766e31214ef508fe10f390b70cbb5
Red Hat Security Advisory 2024-6460-03 - The components for Red Hat OpenShift for Windows Containers 9.0.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a23d4b1cfe7359499fbd669db4aaa7f2ebfce5622158e6ecdf9cb51d4d649552
Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0d
Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6
HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0
Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.
8c8ad33e111ebd91632229baa25c24e2eb3101bf3951d070074c5b4618e78fcf
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.
efd34490081822962a9907289feb284b29b116cd83a6df573fe5cae3f6d09fb1
Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.
2a0b97e3b01f0c3a9c85e1a96ede18240c61b21ee538261305346eec34828cd5
Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. Authentication is necessary for successful exploitation. The execution of the exploit is trivial and might affect other systems if the applications folder is shared between multiple systems in which case the vulnerability can be used for lateral movement.
71cbb32e8ea719c5b85e740cf97e165e4dd92083376eab16d2fff22074ac5216
This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.
c8558ecefbfe751f2fc66900fb57a9cf3f672074e3a5a9c539be4d79127c10fb
This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This Metasploit module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.
33d40a2aa040357554a8308847a479cb0f61d14ed8afe5d9bd0a74c18bb67185
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
fc011d457e4acf956275035f4b8a0451d41e2e13f19438085bac537923b7fe5d
This Metasploit module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and 5.3.2 on Windows systems. The vulnerability exists in the Jettys ResourceHandler installed with the affected versions. This Metasploit module has been tested successfully on ActiveMQ 5.3.1 and 5.3.2 over Windows 2003 SP2.
e4fc1de226b239cc42c11119b2ecd2130fccf09146aabb316d9690fa9c3b4d15
This Metasploit module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, its possible to retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows this is always with SYSTEM privileges.
35b8dac6ec6fd06ffaa3710cabb29f95752a8d44def4cc96ddba9c8ac1b115e9
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the FaultDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
4afa0137a506369a61e2db708c38b69ad4ed8789d747da63b132480ec19c7b07
This Metasploit module exploits an unauthenticated path traversal vulnerability found in ManageEngine ServiceDesk Plus build 9110 and lower. The module will retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows, files can be retrieved with SYSTEM privileges. The issue has been resolved in ServiceDesk Plus build 91111 (issue SD-60283).
8fad34674f4012b03f791e1ba3e184199e99b0489423de032233027145143f6c
This Metasploit module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable. Using a larger target file should result in more memory being dumped, and SSL seems to produce more data as well.
4a0a7232721b04275d17b16891f2475537a84cfaad2597bb4398fc1c09c5c025
This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope Configuration is retrieved as file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.
49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493