
Operating System: Windows

Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module triggers a NULL dereference in svchost.exe on all current versions of Windows that run the RRAS service. This service is only accessible without authentication on Windows XP SP1 (using the SRVSVC pipe).

tags | exploit
systems | windows, xp
SHA-256 | 8059fb8c22d151c258655d2081e63afe11bd42018fe842fb2ca56e2bfad094d4
Microsoft Windows NAT Helper Denial of Service
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits a denial of service vulnerability within the Internet Connection Sharing service in Windows XP.

tags | exploit, denial of service
systems | windows, xp
advisories | CVE-2006-5614
SHA-256 | 4081d9e66e799fc1ee17b0b334e5116b16098d5626022f9a6fbefbbbbb1c9417
MS02-063 PPTP Malformed Control Data Kernel Denial of Service
Posted Aug 31, 2024
Authored by aushack | Site metasploit.com

This Metasploit module exploits a kernel-based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten, resulting in a BSOD. Code execution may be possible; however, this module is only a DoS.

tags | exploit, remote, overflow, kernel, code execution
systems | windows, 2k
advisories | CVE-2002-1214
SHA-256 | f6b900c41ad128f7eb0865eabc39ca4b0dca932339d32bf7d9c3aab93b77cce7
Wireshark Analyzer 4.4.0
Posted Aug 29, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 4.4.0 is the new stable release of Wireshark.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | ead5cdcc08529a2e7ce291e01defc3b0f8831ba24c938db0762b1ebc59c71269
Microsoft Windows IPv6 CVE-2024-38063 Checker / Denial Of Service
Posted Aug 29, 2024
Authored by Photubias

Microsoft Windows IPv6 vulnerability-checking proof of concept Python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.

tags | exploit, denial of service, proof of concept, python
systems | windows
advisories | CVE-2024-38063
SHA-256 | 04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
Microsoft Windows IPv6 Memory Corruption
Posted Aug 28, 2024
Authored by Aung Myat | Site github.com

This Python script is a proof of concept exploit that demonstrates an IPv6-related memory corruption in Microsoft Windows.

tags | exploit, proof of concept, python
systems | windows
advisories | CVE-2024-38063
SHA-256 | e6be8f94e65ac49e1c64112d19884e8a3c0da0f9997c4e2f50859639ac393ab4
Red Hat Security Advisory 2024-5749-03
Posted Aug 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5749-03 - The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available.

tags | advisory
systems | linux, redhat, windows
SHA-256 | 7f1b9147b8b48896815634ad24330781a0d14e2bae9524dbca09c8fbbb8190c6
Red Hat Security Advisory 2024-5745-03
Posted Aug 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5745-03 - The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available.

tags | advisory
systems | linux, redhat, windows
SHA-256 | 2a472f2663c8e786a51436e3044912225ec85ad38c92226fdc4b945a82df8a3c
Microsoft CLFS.sys Denial of Service
Posted Aug 14, 2024
Authored by ricnar456 | Site github.com

CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, Windows Server 2016, Server 2019 and Server 2022 despite having all updates applied. This Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2024-6768
SHA-256 | 0ec1d82e1e6a31fe57b2e6f518e950e98281a0c7e322246a6ffaddcc34e5296a
MalwareBytes 19 Arbitrary File Deletion / Privilege Escalation
Posted Aug 14, 2024
Authored by Juan Sacco | Site github.com

Malwarebytes is prone to an arbitrary file deletion (usage of DeleteFileW by MBAMService.exe) running as SYSTEM. This process can be manipulated by a non-admin user because it fails to properly filter the user-supplied input while scanning a file; this vulnerability leads to a privilege escalation. This exploit was tested on Windows 10 Pro version 22H2 (OS Build 19045.4412). Versions 19 and below are affected.

tags | exploit, arbitrary
systems | windows
SHA-256 | eca87917d810bdde90422062bea7bd5546bee077531f56dba38a618f2f1d6611
Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution
Posted Aug 12, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Nightmare.25 malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 913e7fbeebf6842756fdf04349d73c4d478f8bc2b97fff487bffb398416d08aa
Windows Firewall Control 6.11.0 Unquoted Service Path
Posted Aug 8, 2024
Authored by Milad Karimi

Windows Firewall Control version 6.11.0 suffers from an unquoted service path vulnerability.

tags | exploit
systems | windows
SHA-256 | a882c58f42ff14820df9c9336910eac40c4b435d9f10314db3d2344d3d43aff3
Red Hat Security Advisory 2024-5025-03
Posted Aug 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5025-03 - Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.

tags | advisory, web
systems | linux, redhat, windows
advisories | CVE-2024-34750
SHA-256 | 82beb02ec9626985555a39bc48ca532fec011a8ca2db3dba8eae4b91435b87f5
Red Hat Security Advisory 2024-4977-03
Posted Aug 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4977-03 - Red Hat JBoss Web Server 6.0.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.

tags | advisory, web
systems | linux, redhat, windows
advisories | CVE-2024-34750
SHA-256 | a05cfa31ea306bc1a212bcd45e989be000186ee7000d8eedc72b6c66cfe11b8d
MIMEDefang Email Scanner 3.5
Posted Jul 30, 2024
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Improved how filter elapsed time is calculated. Removed socket file on exit. Added an option to disable DKIM header lines wrap. Added action_greylist to support basic greylisting. Removed CR from multiline header's values. Simplified newline and return/newline handling. Added a sub to send a multipart mail message using Sendmail. Added a sub to check emails using Mail::SpamAssassin::Client. Added re_match_in_tgz_directory sub to block attachments in .tgz files. Added a Mail::MIMEDefang::SPF module to do Sender Policy Framework checks.
tags | tool
systems | windows, unix
SHA-256 | bec730e35bb8f3fb2198590047c4a20636d125cc62341460f946d4671b52da7b
Softing Secure Integration Server 1.22 Remote Code Execution
Posted Jul 22, 2024
Authored by mr_me, Chris Anastasio, Imran E. Dawoodjee | Site metasploit.com

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. The "restore configuration" feature is used to upload a zip file containing a path traversal entry, a DLL called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll, which causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.

tags | exploit, remote, arbitrary, local, spoof, vulnerability, code execution
systems | windows
advisories | CVE-2022-1373, CVE-2022-2334
SHA-256 | 138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43
Wireshark Analyzer 4.2.6
Posted Jul 11, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: The release notes do not show any updates but hey, new version!
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 5ec6028df29068d889c98489bf194a884b00831106fea1e921fea3c65f2003f5
Red Hat Security Advisory 2024-1477-03
Posted Jun 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1477-03 - The components for Red Hat OpenShift for Windows Containers 8.1.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2021-35937
SHA-256 | 422de2aff9b71e587dc3e6f2137d6581c267777dd052e5da1d7f0e24e67dd944
PHP CGI Argument Injection Remote Code Execution
Posted Jun 18, 2024
Authored by Orange Tsai, sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependent (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally, a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have not received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

tags | exploit, web, cgi, php
systems | windows
advisories | CVE-2024-4577
SHA-256 | c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions
Posted Jun 18, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Plugx malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 7076c980aa6786c8d24e01b045aeb9ab8e22593c4f8397211e8cadd230e53ac2
VSCode ipynb Remote Code Execution
Posted Jun 11, 2024
Authored by h00die, Zemnmez | Site metasploit.com

VSCode, when opening a Jupyter notebook (.ipynb) file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

tags | exploit, arbitrary, javascript
systems | windows
advisories | CVE-2022-41034
SHA-256 | dfacdfad1b8092f162656aa7bc4778fc74536b788b7075dfea96dafa5efb29f3
Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution
Posted Jun 6, 2024
Authored by malvuln | Site malvuln.com

Multiple variants of Trojan.Win32.DarkGateLoader malware suffer from a code execution vulnerability.

tags | exploit, trojan, code execution
systems | windows
SHA-256 | 0c34abb7ef5cf7c84cae2320156b2bd5e182a1b8db58b16cf858d0ef615eda5e
NorthStar C2 Cross Site Scripting / Code Execution
Posted May 22, 2024
Authored by h00die, chebuya | Site metasploit.com

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a user's session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.

tags | exploit, xss
systems | linux, windows, ubuntu
advisories | CVE-2024-28741
SHA-256 | e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844
Wireshark Analyzer 4.2.5
Posted May 16, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: The release notes do not show any updates but hey, new version!
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 55e793ab87a9a73aac44336235c92cb76c52180c469b362ed3a54f26fbb1261f
Apple Security Advisory 05-08-2024-1
Posted May 15, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 05-08-2024-1 - iTunes 12.13.2 for Windows addresses a code execution vulnerability.

tags | advisory, code execution
systems | windows, apple
advisories | CVE-2024-27793
SHA-256 | 5f0227fe139f7793aad3f6800152423342e9c7d7768a34a0e0f628ca78a3baf9
© 2024 Packet Storm. All rights reserved.
