Twenty Year Anniversary
Showing 101 - 125 of 5,318 RSS Feed

Operating System: Windows

Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Anti-Virus Privileged File Write
Posted Nov 15, 2017
Authored by Florian Bogner

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part ("the UI") to restore files from the virus quarantine with the permissions of the privileged user mode part ("Windows service"). This may results in a privileged file write vulnerability.

tags | exploit, kernel, virus
systems | windows
MD5 | 7862227fbd0c9e346e9689c3307fcd0a
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
MD5 | a6b220a3915564ca47ef1ce14c453651
Datto Windows Agent Remote Code Execution
Posted Nov 9, 2017
Authored by Michael Brumlow, Brian Vincent

Datto Windows Agent suffers from multiple remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2017-16673, CVE-2017-16674
MD5 | 676d485c422ed3c22a813b3845e1997a
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
MD5 | e8d2e4d615be10d88bf8b20b6b549143
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
Posted Nov 6, 2017
Authored by Himash N

Dialog Mobile Broadband version 23.015.11.01.297 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d50ba80bd092d2bcf2040522c57ed047
MIMEDefang Email Scanner 2.83
Posted Nov 1, 2017
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Minor tweaks to the sample filter. Updates to mimedefang-multiplexor. Various other updates.
tags | tool
systems | windows, unix
MD5 | 77b2f2178727dc600a9c1cf075b0ecd8
Apple Security Advisory 2017-10-31-7
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 26891f75fd57c0122ac654f4a17c984c
Apple Security Advisory 2017-10-31-6
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-6 - iTunes 12.7.1 for Windows is now available and addresses multiple code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 4a902dbb65b5e5fff878166c822f5799
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution
Posted Oct 30, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).

tags | advisory
systems | windows
MD5 | 3b1777f8309fb6e91148a1b542d501ef
Windows Attachment Manager Incorrect High Risk JAR Handling
Posted Oct 27, 2017
Authored by Stevie Lamb

The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11.

tags | advisory
systems | windows
MD5 | 0a2b101ba0ba57f6c9393f4be248261b
Windows NTLM Auth Hash Disclosure / Denial Of Service
Posted Oct 25, 2017
Authored by Juan Diego

Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine.

tags | exploit
systems | windows
MD5 | 75df1861286943e3f336ac2f00048071
Hacksys Extreme Vulnerable Windows Driver Analysis Part 1
Posted Oct 19, 2017
Authored by Alireza Chegini

Whitepaper called Hacksys Extreme Vulnerable Windows Driver Analysis. Part 1 of a series. Written in Arabic.

tags | paper
systems | windows
MD5 | c6aaef0e16af84719f2f55fdbf70e8db
Microsoft Windows GDFMaker 6.3.9600.16384 XXE Injection
Posted Oct 18, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.

tags | exploit
systems | windows
MD5 | c7d0ae4a7bf14a2d1e2cae2ae115040a
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11817
MD5 | f4472007f780b633aa086c20fa3c9ee8
Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11784
MD5 | e7fc69388cdf09d854702265504b52eb
Windows x64 API Hooking Shellcode
Posted Oct 16, 2017
Authored by Roziul Hasan Khan Shifat

117 bytes small Windows x64 API hooking shellcode.

tags | shellcode
systems | windows
MD5 | 0e1f30f71a25c4a08e91b66ad4ca90de
SyncBreeze 10.1.16 SEH GET Overflow
Posted Oct 13, 2017
Authored by wetw0rk | Site metasploit.com

There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.

tags | exploit, web, x86
systems | windows, nt, xp
MD5 | d7371f0084bb280d35baaca73d2c929d
Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS
Posted Oct 12, 2017
Authored by Ernesto Fernandez | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also).

tags | exploit, shell
systems | windows
MD5 | 168e1d24d366b109430b6a8f6c85ad79
Wireshark Analyzer 2.4.2
Posted Oct 10, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 237525d8f189f1253ca18b00a055eccb
PostgreSQL 10 Installer For Windows DLL Hijacking
Posted Oct 10, 2017
Authored by Stefan Kanthak

The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | f46c2b1ad8a1d5e4276cb73262711868
Microsoft Windows 10 x64 RS2 win32kfull!bFill Overflow
Posted Oct 6, 2017
Authored by siberas

This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft's September Updates).

tags | exploit, overflow
systems | windows
advisories | CVE-2016-3309
MD5 | 1bbb2193435fcfc4958108cf2fde83e9
HP Security Bulletin HPESBMU03753 1
Posted Oct 3, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03753 1 - Several potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-site scripting, local and remote Denial of Service, local and remote execution of arbitrary code, local elevation of privilege and local unqualified configuration change. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability, xss
systems | linux, windows
advisories | CVE-2016-8743, CVE-2017-12544, CVE-2017-12545, CVE-2017-12546, CVE-2017-12547, CVE-2017-12548, CVE-2017-12549, CVE-2017-12550, CVE-2017-12551, CVE-2017-12552, CVE-2017-12553
MD5 | 3610a8a805b73bebd3f6895b697cadac
EMC AppSync Host Plug-In 3.5 Denial Of Service
Posted Sep 28, 2017
Site emc.com

EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 3.5 and below are affected.

tags | advisory, denial of service
systems | windows
advisories | CVE-2017-8018
MD5 | 0dc5c768a6b91e7f30ed970745210698
Apple Security Advisory 2017-09-25-8
Posted Sep 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-09-25-8 - iTunes 12.7 for Windows addresses code execution, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple
advisories | CVE-2017-7081, CVE-2017-7087, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
MD5 | 306ff87175ca8e8645b30d800ae4ccb2
Page 5 of 213
Back34567Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    2 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close