exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Win32k ConsoleControl Offset Confusion / Privilege Escalation
Posted Feb 28, 2022
Authored by Spencer McIntyre, BITTER APT, LiHao, KaLendsi, MaDongZe, TuXiaoYi, JinQuan, L4ys | Site metasploit.com

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

tags | exploit, root, vulnerability
systems | windows
advisories | CVE-2021-1732, CVE-2022-21882
SHA-256 | 9902434a58e36c7838c71ee860592d8624368fc1b380cf4c9ccf530f09895fd2

Related Files

Secunia Security Advisory 50240
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Business Events, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 0f934c653687b3c3190527b0ba1147ee5399fae84ad92cc3c33f3716f18c8c14
Secunia Security Advisory 50204
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason A. Donenfeld has discovered a vulnerability in Viscosity, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | fd0542d8812a18d1176df5a88ecd1854b54de9f65af5d2cf9ebed197c3a23a21
Secunia Security Advisory 50244
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | windows
SHA-256 | 63491bc1a361b46394d0e770340bc1d62e358ab46fcf9ac1195de71f4c9f6e0e
Secunia Security Advisory 50228
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Visio, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | e3a48073c43b9d05e8941c081e1360c3645f1cd4a2004b7b13549f120466ee5e
Secunia Security Advisory 50257
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, xss, python
systems | linux, debian
SHA-256 | fb3927d6bec81d24005c29a06dbc212f764f4d161f9c53d4a1dd8b08da17db26
Secunia Security Advisory 50268
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for socat. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
SHA-256 | abe1ddb41fee41410a12536c8c6588982c55f250ba71a7cc24991a93590aec31
Secunia Security Advisory 50295
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose system information.

tags | advisory, kernel, local
systems | linux, redhat
SHA-256 | ec1fa84642b28261b751df1866f0e7c1ed612fdc551a003c186ba18e8601c764
Secunia Security Advisory 50246
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Condor, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | ab47a5138a9ce5ec63f1504bcdbb93dadf9de8d03dafd5b0a1ce6cfd83142475
Gentoo Linux Security Advisory 201208-06
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-1177
SHA-256 | 6c9550b2609f2f265e43e99e0791a7773adfb69954890e5f2e3a22021e0ab085
Secunia Security Advisory 50243
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | windows
SHA-256 | 3921be400542ad8b66f2ad3a5e76763bec88068d4951e85a0d664844d9ce23ed
Secunia Security Advisory 50236
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | windows
SHA-256 | 312c2d9673be9c4269e466183c43c773e722f5516f299990ed56c53da2cd58a2
Secunia Security Advisory 50285
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | e0733d737d0d8ddbe3aadff8a040109e471ebf225c1b95fa19168f756675e864
Secunia Security Advisory 50286
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | d6bbe46a29dc3c302794ef44df8800306ce895bfd0c34048b4b956e4c73c2316
Secunia Security Advisory 50248
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Brendan Coles has discovered two security issues and a vulnerability in TestLink, which can be exploited by malicious people to conduct cross-site forgery attacks and disclose certain sensitive and system information.

tags | advisory
SHA-256 | b75356024a543a0d9fde7722cd0bfef56d5c9bb5cdff27c1f45155eefb22e5ad
Secunia Security Advisory 50251
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | e049e0b801540514dc4f36105c6d528a821ec2b23a16e48e0fdaf8849f69011a
Secunia Security Advisory 50247
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in some Microsoft products, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 792a63b069aa7a3f73568e6ad5a1f0884ebbf23ffdcbd39d698fa21e085202ef
TestLink 1.9.3 Arbitrary File Upload
Posted Aug 14, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.

tags | exploit, arbitrary, sql injection
SHA-256 | d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71
Secunia Security Advisory 50264
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | cisco
SHA-256 | 1d366967d1b82f4b9c5837e484d97357b744bb397a268d710d56649a30675bb5
Secunia Security Advisory 50189
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IOActive has discovered a vulnerability in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | freebsd
SHA-256 | 53d6b8949377c0c7ca12b833d41843f87f860e1a7e4d4991c1a51799b39889da
Secunia Security Advisory 50216
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, suse
SHA-256 | c47dbcfbed988fb012fc5678f5bb01004dc25cea272f7fa84fd1fbd2b7b8508d
Secunia Security Advisory 50190
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in Xeams, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 8b783fab3c869b15f87c49ebe8765b32a51431b0ba60dc51f433a48d321d6fbb
Secunia Security Advisory 50202
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported a vulnerability in Mailtraq, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 0fed1f091fa8e947c49a2bc8ed348237c9dd70c2ba8826e594dbf58a285edf86
Secunia Security Advisory 50186
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Qpid, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | ca4a9ca066ded44a60ab8b838d6a9ab0b5cea990d6c69bcb228727ab637ec11b
Secunia Security Advisory 50191
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | b00d14799769d51a5de94e8d7221471ee7a0effab5e605b523ed775d9aaecb96
Secunia Security Advisory 50194
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, suse
SHA-256 | 45138b55a475ee758032d2c386f3048f0566ed3101649affd9b850cebe01c583
Page 2 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close