Red Hat Security Advisory 2024-6734-03 - The components for Red Hat OpenShift for Windows Containers 7.2.2 are now available.This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
be505ca2f3802cff25f63ab64134208833ab546ae1e49eddd55ed15bf211b2adBackdoor.Win32.CCInvader.10 malware suffers from a bypass vulnerability.
7f8fbab739d2fc6fb8f975250a5f1be05abc1adfae0b192591971bf6f66b9101Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678eBackdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.
145f23a8746541655af47b6cc26039a64ce706d01053710c1a2fcdd7dc5aa7a8CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7dThis Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445Red Hat Security Advisory 2024-6461-03 - The components for Red Hat OpenShift for Windows Containers 8.1.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a94249ed049993a7bc563b3b10bb0d96714766e31214ef508fe10f390b70cbb5Red Hat Security Advisory 2024-6460-03 - The components for Red Hat OpenShift for Windows Containers 9.0.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a23d4b1cfe7359499fbd669db4aaa7f2ebfce5622158e6ecdf9cb51d4d649552Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0dBackdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.
8c8ad33e111ebd91632229baa25c24e2eb3101bf3951d070074c5b4618e78fcfBackdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.
efd34490081822962a9907289feb284b29b116cd83a6df573fe5cae3f6d09fb1Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.
2a0b97e3b01f0c3a9c85e1a96ede18240c61b21ee538261305346eec34828cd5Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. Authentication is necessary for successful exploitation. The execution of the exploit is trivial and might affect other systems if the applications folder is shared between multiple systems in which case the vulnerability can be used for lateral movement.
71cbb32e8ea719c5b85e740cf97e165e4dd92083376eab16d2fff22074ac5216This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.
c8558ecefbfe751f2fc66900fb57a9cf3f672074e3a5a9c539be4d79127c10fbThis Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This Metasploit module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.
33d40a2aa040357554a8308847a479cb0f61d14ed8afe5d9bd0a74c18bb67185This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
fc011d457e4acf956275035f4b8a0451d41e2e13f19438085bac537923b7fe5dThis Metasploit module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and 5.3.2 on Windows systems. The vulnerability exists in the Jettys ResourceHandler installed with the affected versions. This Metasploit module has been tested successfully on ActiveMQ 5.3.1 and 5.3.2 over Windows 2003 SP2.
e4fc1de226b239cc42c11119b2ecd2130fccf09146aabb316d9690fa9c3b4d15This Metasploit module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, its possible to retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows this is always with SYSTEM privileges.
35b8dac6ec6fd06ffaa3710cabb29f95752a8d44def4cc96ddba9c8ac1b115e9This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the FaultDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
4afa0137a506369a61e2db708c38b69ad4ed8789d747da63b132480ec19c7b07This Metasploit module exploits an unauthenticated path traversal vulnerability found in ManageEngine ServiceDesk Plus build 9110 and lower. The module will retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows, files can be retrieved with SYSTEM privileges. The issue has been resolved in ServiceDesk Plus build 91111 (issue SD-60283).
8fad34674f4012b03f791e1ba3e184199e99b0489423de032233027145143f6cThis Metasploit module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable. Using a larger target file should result in more memory being dumped, and SSL seems to produce more data as well.
4a0a7232721b04275d17b16891f2475537a84cfaad2597bb4398fc1c09c5c025This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope Configuration is retrieved as file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.
49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed