This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.
76887c2ea927367c717be6c7a61a4c47Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
2c80166b698e465440e3bf6ffd7c105eA type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.
a33d7e36196d4e9a0a3f169c53c92555A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
49abf1b78a3de04f368979532aefb985A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
57730181dc38a3336a3cbd8039969dcfFree SMTP Server version 2.5 denial of service proof of concept exploit.
251cf82e96f4079a0c51f6fba20fe551Cyberoam Transparent Authentication Suite version 2.1.2.5 Fully Qualified Domain Name and NetBIOS Name proof of concept denial of service exploits.
406e1b9e3e42f78695b5d0d18723294eCyberoam SSLVPN Client version 1.3.1.30 Connect To Server and HTTP Proxy proof of concept denial of service exploits.
58792727a37ee5f583bba7e302d5a4acCyberoam General Authentication Client version 2.1.2.7 denial of service proof of concept exploit.
25fb3135d2b03bfe127615a267f294beFast AVI MPEG Joiner version 1.2.0812 License Name proof of concept denial of service exploit.
2faf3b46f2c524d909685620bc2709e4Pidgin version 2.13.0 denial of service proof of concept exploit.
28207d4cc0edd814d45b493ac9e546cdOpencart versions 3.0.3.2 and below extension/feed/google_base remote denial of service proof of concept exploit.
8f7d02198514d6db4dfef8e0e72e0139Proof of concept exploit for an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory.
91e99823c59717f23a26ea09901bf4fbNetAware version 1.20 Share Name and Add Block denial of service proof of concept exploits.
a38547dd80a67a5d5a0b40a2186404d3Terminal Services Manager version 3.2.1 denial of service proof of concept exploit.
8505d3266959fbe399e4b016b5dd03eeMicrosoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
52b9f1fd108ce77586d458c8e25878fbTapinRadio version 2.11.6 Address denial of service proof of concept exploit.
e23d018eb2158ed1b3894de02dcbfb31BlueStacks version 4.80.0.1060 denial of service proof of concept exploit.
747c9bb73ad4ab38e59f1dccda79856cRarmaRadio version 2.72.3 Server and Username proof of concept denial of service exploits.
b67247c5346ea62ca0d016cb5013d0ebSecurity controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
f04fc6f6465d117497efa31d8a63fc4eDeluge version 1.3.15 Webseeds and URL proof of concept denial of service exploits.
9f64dbbdfac374bc0b620f626702b39eEncrypt PDF version 2.3 denial of service proof of concept exploit.
2326961bd505b13e7eae95517f7b3012docPrint Pro version 8.0 denial of service proof of concept exploit.
8e8253c73d2b264fb1a3bdf1f1fd2fdbVeryPDF PCL Converter version 2.7 denial of service proof of concept exploit.
6cf05e04926b6d5742205ab6bfac9de7AbsoluteTelnet version 10.16 denial of service proof of concept exploit.
28c81a38f6f3277935775cb8a82d91b9
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed