Exploit the possiblities
Showing 26 - 50 of 5,266 RSS Feed

Operating System: Windows

Fortinet Installer Client 5.6 DLL Hijacking
Posted Jan 3, 2018
Authored by Souhardya Sardar, Rohit Bankoti

Fortinet Installer Client 5.6 for Windows PC suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | ad19e95dcf9ca5912fd831d8d424966d
Fortinet FortiClient Windows Privilege Escalation
Posted Jan 2, 2018
Authored by Clement Notin

Fortinet FortiClient Windows suffers from a privilege escalation vulnerability at logon.

tags | exploit
systems | windows
advisories | CVE-2017-7344
MD5 | 49e9d7cb46c445ca6b452ed7604c6ff0
Windows Media Player Information Disclosure
Posted Dec 26, 2017
Authored by James Lee

Windows Media Player suffers from an information disclosure vulnerability that lets an attacker know if a file exists.

tags | exploit, info disclosure
systems | windows
advisories | CVE-2017-11768
MD5 | 90ec3cbec78508be086c6e10403ca97a
Ubiquiti UniFi Video 3.7.3 (Windows) Local Privilege Escalation
Posted Dec 24, 2017
Authored by Julien Ahrens | Site rcesecurity.com

Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions.

tags | exploit, local
systems | windows
advisories | CVE-2016-6914
MD5 | a82e1d218ea5e2d055d53ff0277ba737
Oracle MySQL UDF Payload Execution
Posted Dec 22, 2017
Authored by Tod Beardsley, Bernardo Damele, h00die | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

tags | exploit
systems | windows
MD5 | bcf3d2156b2ec4dfa9eb9e73784fb039
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows, 7
MD5 | 4bb20d0c4e7b2208fd33f054d9383332
Microsoft Windows Hello Face Authentication Bypass
Posted Dec 19, 2017
Authored by Matthias Deeg, Philipp Buchegger

Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.

tags | advisory, spoof
systems | windows
MD5 | 27d01277917e11c6b9cd575274f17600
Apple Security Advisory 2017-12-13-4
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 954cddeb76ad1d345aff418d5cf66c6d
Apple Security Advisory 2017-12-13-3
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple, 7
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 4a311c787e7cbdff236c940b272c076a
Keeper Privileged UI Injection
Posted Dec 15, 2017
Authored by Tavis Ormandy, Google Security Research

Microsoft Windows 10 is forcibly installing the Keeper password manager which injects privileged UI's into pages.

tags | exploit
systems | windows
MD5 | cffd7bc598b1b7d4cd593b6b402424e4
Fortinet FortiClient VPN Credential Disclosure
Posted Dec 13, 2017
Authored by M. Li | Site sec-consult.com

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.

tags | exploit, registry
systems | linux, windows, apple
MD5 | 515984bab47162e05e8a7da2b63fa483
PS4 Remote Play 2.5.0.9220 DLL Hijacking
Posted Dec 13, 2017
Authored by Maelstrom Security

PS4 Remote Play version 2.5.0.9220 suffers from a dll hijacking vulnerability.

tags | advisory, remote
systems | windows
MD5 | 75dc08c32f295ed4d0c576c54e2e2294
Wireshark Analyzer 2.4.3
Posted Nov 30, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple dissector crashes are addressed. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | db15593d518008dd8a870f4f05dbb828
Windows Defender Controlled Folder Bypass
Posted Nov 30, 2017
Authored by James Forshaw, Google Security Research

Windows Defender suffers from a controlled folder bypass through the UNC path. Affected includes Windows 10 1709 and Antimalware client version 4.12.16299.15.

tags | exploit
systems | windows
MD5 | a7c30a5ca5f72bced3e65bfc017e3f47
JTempest Windows ExtIO 32-Bit
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.

tags | tool
systems | windows
MD5 | 9b499cdf0b7d0e6ff6c9c1e964e83781
TempestSDR RTL-SDR Fork
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.

tags | tool, java
systems | windows
MD5 | 7268b9390d5f385f817cf0264ef9b197
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal.

tags | advisory, kernel
systems | windows
MD5 | bba9e21920f1470c2c04ff12bffe0c98
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

The win32k!NtQueryCompositionInputQueueAndTransform system call may disclose portions of uninitialized kernel stack memory to user-mode clients on Windows 10.

tags | advisory, kernel
systems | windows
MD5 | 0d2ef075cd05432e7108cc59cee1953c
Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11853
MD5 | df47cad4c0563e46c4d01e39c825ee89
Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.

tags | exploit
systems | windows
advisories | CVE-2017-11831
MD5 | 819fa28825ba821d4b6515b916dd256a
Microsoft Windows NTFS File System Metadata Disclosures
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11880
MD5 | 82f8fc385cb8e1d9907a4dbdb347c2e4
HP Security Bulletin HPESBMU03795 1
Posted Nov 16, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03795 1 - Security vulnerabilities have been identified in HPE Matrix Operating Environment (MOE) on Windows. The vulnerabilities could be exploited remotely resulting in Unauthenticated Disclosure of Information and indirect vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2017-8970, CVE-2017-8971, CVE-2017-8972, CVE-2017-8973
MD5 | 8648dae01365e70268230cec0d45ef55
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Anti-Virus Privileged File Write
Posted Nov 15, 2017
Authored by Florian Bogner

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part ("the UI") to restore files from the virus quarantine with the permissions of the privileged user mode part ("Windows service"). This may results in a privileged file write vulnerability.

tags | exploit, kernel, virus
systems | windows
MD5 | 7862227fbd0c9e346e9689c3307fcd0a
Page 2 of 211
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close