This Metasploit module triggers a NULL dereference in svchost.exe on all current versions of Windows that run the RRAS service. This service is only accessible without authentication on Windows XP SP1 (using the SRVSVC pipe).
8059fb8c22d151c258655d2081e63afe11bd42018fe842fb2ca56e2bfad094d4
This Metasploit module exploits a denial of service vulnerability within the Internet Connection Sharing service in Windows XP.
4081d9e66e799fc1ee17b0b334e5116b16098d5626022f9a6fbefbbbbb1c9417
This Metasploit module exploits a kernel-based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten, resulting in a BSOD. Code execution may be possible; however, this module is only a DoS.
f6b900c41ad128f7eb0865eabc39ca4b0dca932339d32bf7d9c3aab93b77cce7
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
ead5cdcc08529a2e7ce291e01defc3b0f8831ba24c938db0762b1ebc59c71269
Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 builds below 10.0.26100.1457, and Windows Server 2016, 2019 and 2022 builds below 10.0.17763.6189, are affected.
04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
This python script is a proof of concept exploit that demonstrates an IPv6-related memory corruption in Microsoft Windows.
e6be8f94e65ac49e1c64112d19884e8a3c0da0f9997c4e2f50859639ac393ab4
Red Hat Security Advisory 2024-5749-03 - The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available.
7f1b9147b8b48896815634ad24330781a0d14e2bae9524dbca09c8fbbb8190c6
Red Hat Security Advisory 2024-5745-03 - The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available.
2a472f2663c8e786a51436e3044912225ec85ad38c92226fdc4b945a82df8a3c
CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, Windows Server 2016, Server 2019 and Server 2022 despite having all updates applied. This Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash.
0ec1d82e1e6a31fe57b2e6f518e950e98281a0c7e322246a6ffaddcc34e5296a
Malwarebytes is prone to an arbitrary file deletion (usage of DeleteFileW by MBAMService.exe) while running as SYSTEM. This process can be manipulated by a non-admin user because it fails to properly filter the user-supplied input while scanning a file; this vulnerability leads to a privilege escalation. This exploit was tested on Windows 10 Pro version 22H2 (OS Build 19045.4412). Versions 19 and below are affected.
eca87917d810bdde90422062bea7bd5546bee077531f56dba38a618f2f1d6611
Backdoor.Win32.Nightmare.25 malware suffers from a code execution vulnerability.
913e7fbeebf6842756fdf04349d73c4d478f8bc2b97fff487bffb398416d08aa
Windows Firewall Control version 6.11.0 suffers from an unquoted service path vulnerability.
a882c58f42ff14820df9c9336910eac40c4b435d9f10314db3d2344d3d43aff3
Red Hat Security Advisory 2024-5025-03 - Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
82beb02ec9626985555a39bc48ca532fec011a8ca2db3dba8eae4b91435b87f5
Red Hat Security Advisory 2024-4977-03 - Red Hat JBoss Web Server 6.0.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
a05cfa31ea306bc1a212bcd45e989be000186ee7000d8eedc72b6c66cfe11b8d
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
bec730e35bb8f3fb2198590047c4a20636d125cc62341460f946d4671b52da7b
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. The "restore configuration" feature is used to upload a zip file containing a path traversal entry, a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
5ec6028df29068d889c98489bf194a884b00831106fea1e921fea3c65f2003f5
Red Hat Security Advisory 2024-1477-03 - The components for Red Hat OpenShift for Windows Containers 8.1.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
422de2aff9b71e587dc3e6f2137d6581c267777dd052e5da1d7f0e24e67dd944
This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependent (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally, a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have not received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.
c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
Backdoor.Win32.Plugx malware suffers from an insecure permissions vulnerability.
7076c980aa6786c8d24e01b045aeb9ab8e22593c4f8397211e8cadd230e53ac2
VSCode, when opening a Jupyter notebook (.ipynb) file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it is possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors that the payload exe file could not be found. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.
dfacdfad1b8092f162656aa7bc4778fc74536b788b7075dfea96dafa5efb29f3
Multiple variants of Trojan.Win32.DarkGateLoader malware suffer from a code execution vulnerability.
0c34abb7ef5cf7c84cae2320156b2bd5e182a1b8db58b16cf858d0ef615eda5e
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross-site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross-site scripting attack and take over a user's session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
55e793ab87a9a73aac44336235c92cb76c52180c469b362ed3a54f26fbb1261f
Apple Security Advisory 05-08-2024-1 - iTunes 12.13.2 for Windows addresses a code execution vulnerability.
5f0227fe139f7793aad3f6800152423342e9c7d7768a34a0e0f628ca78a3baf9