what you don't know can hurt you
Showing 1 - 25 of 253 RSS Feed

Registry Files

Ubuntu Security Notice USN-5134-1
Posted Nov 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.

tags | advisory, registry, info disclosure
systems | linux, ubuntu
advisories | CVE-2021-41092
MD5 | 6fefdf00f548781e13c2e78365347a9d
Red Hat Security Advisory 2021-4100-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4100-01 - This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Issues addressed include a cross site scripting vulnerability.

tags | advisory, registry, xss
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2021-20289, CVE-2021-20293
MD5 | 754feedd1a70604cce602b17c7604884
Red Hat Security Advisory 2021-3338-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3338-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.

tags | advisory, registry
systems | linux, redhat, windows
advisories | CVE-2021-3622
MD5 | 8b3c47c99f2d2556f90c9c2d5494ae8c
Red Hat Security Advisory 2021-2318-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2318-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, registry
systems | linux, redhat, windows
advisories | CVE-2021-3504
MD5 | 88684e1028674d4fafd7f55608e62f64
Red Hat Security Advisory 2021-2039-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.

tags | advisory, remote, registry, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14040, CVE-2020-25638, CVE-2020-25649
MD5 | a7f2b920bee53e427f11e78f85418989
Microsoft Windows Containers Host Registry Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens leading to a process in a server silo being able to access the host registry leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-26864
MD5 | 6305bd287c8bfb28100d961cbddfdabb
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
MD5 | 1dedadce5dfb6b98c3be28c5271c765b
Ubuntu Security Notice USN-4589-2
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4589-2 - USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Various other issues were also addressed.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2020-15157
MD5 | 0ff1cab3c8d8dd33e88294428bb3c3f2
Ubuntu Security Notice USN-4589-1
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4589-1 - It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2020-15157
MD5 | 6b7595a2ebb73feb35765b548371311f
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
Posted Sep 11, 2020
Authored by Imran Dawoodjee, Shay Ber | Site metasploit.com

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to point to an arbitrary DLL.

tags | exploit, arbitrary, registry
systems | windows
MD5 | a9fb3457e349592a8a89e98cdf5e1403
Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.

tags | exploit, registry
advisories | CVE-2020-1378
MD5 | 47cc29fc3f9a4152d374689e8d8dbe44
Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.

tags | exploit, registry
advisories | CVE-2020-1377
MD5 | cde9e4062cc05fc18d17cf5eabad623b
Microsoft Windows Kernel Privilege Escalation
Posted Feb 28, 2020
Authored by nu11secur1ty

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.

tags | exploit, remote, local, registry
systems | windows
advisories | CVE-2020-0668
MD5 | 10f155214b43543ed6228cacf1da3f77
Ubuntu Security Notice USN-4251-1
Posted Jan 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4251-1 - It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. Various other issues were also addressed.

tags | advisory, remote, local, registry
systems | linux, ubuntu
advisories | CVE-2019-12418, CVE-2019-17563
MD5 | 814d8cfa779825aef578ee7c98213d00
Trend Micro Security 2019 Security Bypass Protected Service Tampering
Posted Jan 17, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM. This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp" service "coreServiceShell.exe" which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. Note administrator privileges are required to exploit this vulnerability.

tags | exploit, arbitrary, registry, code execution
advisories | CVE-2019-19697
MD5 | 8141cd4c6867deb8b0509555a9e089df
Windows Escalate UAC Protection Bypass
Posted Nov 18, 2019
Authored by enigma0x3, bwatters-r7 | Site metasploit.com

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.

tags | exploit, shell, registry
systems | windows
MD5 | 4f1cab9439a2a2fee0bb0c73a655df7d
Red Hat Security Advisory 2019-2766-01
Posted Sep 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.

tags | advisory, registry
systems | linux, redhat
advisories | CVE-2019-9512, CVE-2019-9514, CVE-2019-9515
MD5 | c8fd05d54898ac2bbe3b9a959a38b3e8
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry
Posted Sep 5, 2019
Authored by bwatters-r7, sailay1996, ACTIVELabs | Site metasploit.com

This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a privileged user.

tags | exploit, registry
systems | windows
MD5 | d470c356d7562ece1d5652e2d264a075
Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Posted May 21, 2019
Authored by James Forshaw, Google Security Research

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2019-0881
MD5 | b9ac41d7a345cbb537b2a935197cf91b
Ubuntu Security Notice USN-3975-1
Posted May 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3975-1 - It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service. Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java, denial of service, registry
systems | linux, ubuntu
advisories | CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698
MD5 | 521a7981d1b62cfdfcb3e98017ad5165
Ubuntu Security Notice USN-3939-2
Posted Apr 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3939-2 - USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2019-3880
MD5 | f01e8ef513a32d37d1d80396a801fd67
Ubuntu Security Notice USN-3939-1
Posted Apr 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3939-1 - Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2019-3880
MD5 | 77cab3f7f7d3545fc100f87df1d9bec4
VMware Host VMX Process COM Class Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2019-5512
MD5 | 89f47ed75e40cece6cb2c49cd4ca6364
Microsoft Windows .Reg File / Dialog Box Message Spoofing
Posted Mar 11, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.

tags | exploit, spoof, registry
systems | windows
MD5 | 105ff93a7fefdb9d6ae572f2070820c3
Page 1 of 11
Back12345Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close