what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Microsoft Windows NtUserSetWindowFNID Win32k User Callback
Posted Jul 16, 2019
Authored by ze0r, Jacob Robles, Kaspersky Lab | Site metasploit.com

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.

tags | exploit, x86
systems | windows, 7
advisories | CVE-2018-8453
MD5 | 410d26c4ad5d959638a9e5d77947143e

Related Files

Microsoft Windows Win32k Privilege Escalation
Posted May 23, 2019
Authored by ExpLife0011

Proof of concept exploit for an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2019-0803
MD5 | 91e99823c59717f23a26ea09901bf4fb
Ross Video DashBoard 8.5.1 Insecure Permissions
Posted Apr 23, 2019
Authored by LiquidWorm | Site zeroscience.mk

Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

tags | exploit
MD5 | 213fc44c941da29b2eaecd65db51c680
Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Posted Jan 16, 2019
Authored by James Forshaw, Google Security Research

The WinRT RestrictedErrorInfo does not correctly check the validity of a handle to a section object which results in closing an unrelated handle which can lead to an elevation of privilege.

tags | exploit
advisories | CVE-2019-0570
MD5 | 2dc1425b83ba55c550113e0d3f7b4578
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
Posted Oct 19, 2018
Authored by Dhiraj Mishra, unamer, bigric3, Anton Cherepanov | Site metasploit.com

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.

tags | exploit, arbitrary, x86, kernel
systems | windows, 7
advisories | CVE-2018-8120
MD5 | 967e04838b302049cc237c549437ccec
Schneider Electric Pelco VideoXpert Privilege Escalation
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

tags | exploit
MD5 | 2fe804940583feed8e2672643c87628d
OPSI Managed Client Remote Command Execution
Posted Jan 31, 2017
Authored by Simon Bieber

A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected includes OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.

tags | exploit, remote, arbitrary
MD5 | ee9da89b67a08e7b4cc37b97b97a4235
Windows User Profile Service Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

Windows suffers from an elevation of privilege vulnerability in the User Profile Service.

tags | exploit
systems | windows
advisories | CVE-2015-0004
MD5 | 6d809c061e7b0de9c103632a0f395ecd
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKAccess suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users' group. Version 3.5.3 is affected.

tags | exploit
MD5 | 05cfd802f588536de977ba624823c2ce
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTime.Net suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-dirs world-writable. Version 3.0.1.6 is affected.

tags | exploit
MD5 | a5214c3e7c6c4b35eb1264aa4ddc5e7c
Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group. In combination with insecure file permissions the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software. Version 4.5.0 build 18676 is affected.

tags | exploit
systems | windows
MD5 | b436a59d1a7e647bb91ff95d5aadac30
Operation Technology ETAP 14.1.0 Local Privilege Escalation
Posted May 22, 2016
Authored by LiquidWorm | Site zeroscience.mk

ETAP suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group. Version 14.1.0.0 is affected.

tags | exploit
MD5 | 8c0c10fa8a705c1f883ed568ea6c35d2
WEG SuperDrive G2 12.0.0 Insecure File Permissions
Posted Jan 18, 2016
Authored by LiquidWorm | Site zeroscience.mk

SuperDrive suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group.

tags | exploit
MD5 | 742d3a6b76a3af120c6668ed7d938054
iniNet SpiderControl SCADA Web Server Service 2.02 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Everyone' and 'Authenticated Users' group making the entire directory 'WWW' and its files and sub-dirs world-writable. Version 2.02.0000 is affected.

tags | exploit, web
MD5 | 5a5a97cb93faa18168eec1c848856e40
iniNet SpiderControl PLC Editor Simatic 6.30.04 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

SpiderControl PLC Editor Simatic suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, and 'C' flag (Change) for 'Authenticated Users' group making the entire directory 'PLCEditorSimatic_6300400' and its files and sub-dirs world-writable. Version 6.30.04 is affected.

tags | exploit
MD5 | 123e700828414ac291d05305a73de48f
VBox Satellite Express Arbitrary Write Privilege Escalation
Posted Sep 19, 2015
Authored by Matthew Bergin

A vulnerability within the ndvbs module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege. suffers from code execution, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, code execution, file inclusion
advisories | CVE-2015-6923
MD5 | c56337361b901c4e2f2fbad2bf8b4456
XGI Windows VGA Display Manager Privilege Escalation
Posted Sep 2, 2015
Authored by Matthew Bergin

A vulnerability within the xrvkp module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege.

tags | advisory, arbitrary
advisories | CVE-2015-5466
MD5 | fa7a30390f3068edb084017fce9f34b0
HPE Security Bulletin HPSBUX03369 SSRT102037 1
Posted Aug 21, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03369 SSRT102037 1 - A potential security vulnerability have been identified with HP-UX programs using the execve(2) system call. The vulnerability could be exploited locally to create an elevation of privilege. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2015-2132
MD5 | bd5440d8a3372131b936fca98fdde037
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Posted Feb 25, 2015
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable.

tags | exploit
MD5 | 1824ce0969f550927ece68359aa4496e
Telefonica O2 Connection Manager 3.4 Local Privilege Escalation
Posted Oct 10, 2014
Authored by LiquidWorm | Site zeroscience.mk

O2 Connection Manager suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable files with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, making the entire directory 'O2 Connection Manager' and its files and sub-dirs world-writable.

tags | exploit
MD5 | 4d033bd9ea18075264665e2c94456f52
Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation
Posted Jul 6, 2014
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable. Versions 4.7.3208 and 4.5.2.3010 are affected.

tags | exploit
MD5 | 940048eacc4ed05fcbaf133b9d0df577
HP Security Bulletin HPSBHF02946 2
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02946 2 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-5987
MD5 | f1c9adfd1adad00dbde16b585a279799
HP Security Bulletin HPSBHF02946
Posted May 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02946 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-5987
MD5 | ce34c2f6779c636a1e10ae2fbb870848
HP Security Bulletin HPSBMU02975
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02975 - A potential security vulnerability has been identified in HP Smart Update Manager for Linux version 5.3.5. The vulnerability could be exploited to allow an elevation of privileges on the target system. Revision 1 of this advisory.

tags | advisory
systems | linux
advisories | CVE-2013-6208
MD5 | a407e7e6a29737646dc9d68b02c2598a
Aloaha Credential Provider Monitor 5.0.226 Privilege Escalation
Posted Jan 20, 2013
Authored by LiquidWorm | Site zeroscience.mk

The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Everyone' group, for the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory which has the Everyone group assigned to it with full permissions making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges. Version 5.0.226 is affected.

tags | exploit
MD5 | 8e4bc09536a472c7c22413f8af74b590
SopCast 3.4.7 Improper Permissions
Posted Dec 5, 2011
Authored by LiquidWorm | Site zeroscience.mk

SopCast is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. Version 3.4.7.45585 is affected.

tags | exploit
MD5 | b2c5864616ba68698eca6bd92cc09572
Page 1 of 4
Back1234Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close