Twenty Year Anniversary
Showing 1 - 25 of 221 RSS Feed

Registry Files

Microsoft Windows Desktop Bridge Privilege Escalation
Posted Mar 21, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a Desktop Bridge Virtual Registry NtLoadKey arbitrary file read / write privilege escalation vulnerability.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2018-0882
MD5 | df20338cea8e10f24722840588aeb572
Microsoft Windows Desktop Bridge Privilege Escalation
Posted Mar 21, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2018-0880
MD5 | 36bac421e1beb393d9761eff962189a2
Microsoft Windows Kernel REG_RESOURCE_REQUIREMENTS_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0900
MD5 | 2105a0202148dd8d1c7d110f3ebe6dc8
Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (videoprt.sys descriptors).

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0899
MD5 | a3291f506262cdeab2f6590a2c2a2c56
Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries).

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0898
MD5 | ed32c0fa3b9a152d5de55a21b3957fdd
Asterisk Project Security Advisory - AST-2018-001
Posted Feb 21, 2018
Authored by Joshua Colp, Sebastien Duthil | Site asterisk.org

Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.

tags | advisory, registry
advisories | CVE-2018-7285
MD5 | c2d13e4e6902f9085785bc357baaa195
Fortinet FortiClient VPN Credential Disclosure
Posted Dec 13, 2017
Authored by M. Li | Site sec-consult.com

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.

tags | exploit, registry
systems | linux, windows, apple
MD5 | 515984bab47162e05e8a7da2b63fa483
Oracle Java SE Wv8u131 Information Disclosure
Posted Nov 2, 2017
Authored by mr_me

Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" 'C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. Versions v8u131 and below are affected.

tags | exploit, java, remote, denial of service, shell, registry, protocol, info disclosure, xxe
advisories | CVE-2017-10309
MD5 | 1e5c74e4370cfb11bd675efce53eb688
Red Hat Security Advisory 2017-2603-01
Posted Sep 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2603-01 - The docker-distribution package provides the tool set to support the Docker Registry version 2. The following packages have been upgraded to a later upstream version: docker-distribution. Security Fix: It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.

tags | advisory, registry
systems | linux, redhat
advisories | CVE-2017-11468
MD5 | 376ccb3d1ffaf47a33b169a322c1dacc
Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
Posted Aug 22, 2017
Authored by b33f, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. This Metasploit module requires the architecture of the payload to match the OS, but the current low-privilege Meterpreter session architecture can be different. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process. This Metasploit module invokes the target binary via cmd.exe on the target. Therefore if cmd.exe access is restricted, this module will not run correctly.

tags | exploit, registry
systems | windows
MD5 | 73fea9d04345bcd15b0dc980da1ce0e1
Red Hat Security Advisory 2017-2424-01
Posted Aug 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2424-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10243
MD5 | 8fab5bbc58eb39d0cc32ab4140264366
Red Hat Security Advisory 2017-1789-01
Posted Jul 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1789-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198
MD5 | 90fc7883aa9067bf9f49ed06e8ab701c
Windows UAC Protection Bypass (Via FodHelper Registry Key)
Posted Jun 7, 2017
Authored by amaloteaux, winscriptingblog | Site metasploit.com

This Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | b20812c1abf3d3375be101013cd12af0
Red Hat Security Advisory 2017-0269-01
Posted Feb 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0269-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 8faae7138b045d45be1d06c53b01bd61
Red Hat Security Advisory 2017-0180-01
Posted Jan 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0180-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | a0049716ba1a2f0004ddcc44b4624678
Enigma Fileless UAC Bypass
Posted Jan 9, 2017
Authored by r00t-3xp10it, mattifestation, enigma0x3 | Site metasploit.com

This Metasploit module is an implementation of fileless uac bypass using cmd.exe instead of powershell.exe (OJ msf module). This module will create the required registry entry in the current user's hive, set the default value to whatever you pass via the EXEC_COMMAND parameter, and runs eventvwr.exe (hijacking the process being started to gain code execution).

tags | exploit, registry, code execution
MD5 | 862cbc79ab67b7fbac67a90c5c966e37
Mac OS IOKit Registry Code Execution
Posted Dec 22, 2016
Authored by Google Security Research, ianbeer

Mac OS suffers from a kernel code execution vulnerability due to writable privileged IOKit registry properties.

tags | exploit, kernel, registry, code execution
advisories | CVE-2016-7617
MD5 | ecbd7adf845d4a2d59727883b5a96837
Windows Escalate UAC Protection Bypass
Posted Dec 2, 2016
Authored by Matt Graeber, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | e6e7b2e95e14423e3c1de3ad6c4d3284
Windows Kernel Registry Hive Loading nt!RtlEqualSid Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Google Security Research, mjurczyk

A Windows kernel crash can occur in the nt!RtlEqualSid function invoked through nt!SeAccessCheck by nt!CmpCheckSecurityCellAccess while loading corrupted registry hive files.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2016-7216
MD5 | c0756254e4e1ccc1568e1ae96ebe1bbe
Windows Kernel Registry Hive Arbitrary Read
Posted Oct 20, 2016
Authored by Google Security Research, mjurczyk

Windows Kernel Registry Hive loading suffers from a relative arbitrary read in nt!RtlValidRelativeSecurityDescriptor.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2016-3376
MD5 | 89aef03658496a8e3114b2e1b8361710
Windows Kernel Registry Hive Loading Negative Size
Posted Oct 20, 2016
Authored by Google Security Research, mjurczyk

Windows Kernel Registry Hive loading suffers from a negative RtlMoveMemory size in nt!CmpCheckValueList.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2016-0070
MD5 | 74b6353203597505db100939eaba9fd4
Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

NtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.

tags | exploit, registry
advisories | CVE-2016-0079
MD5 | 1df9217976f58a92f0a890a61a8508f2
Windows DeviceApi CMApi PiCMOpenClassKey IOCTL Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0075
MD5 | 911d8189dbd28b3831aea3acd9cf75ab
Windows DeviceApi CMApi Privilege Escalation
Posted Oct 17, 2016
Authored by Google Security Research, forshaw

The Windows DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token allowing a normal user to create arbitrary registry keys in another user's loaded hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2016-0073
MD5 | e4cb23364b93db7f73f47786db17ed0b
NETGATE Registry Cleaner 16.0.205 Privilege Escalation
Posted Oct 15, 2016
Authored by Amir.ght

NETGATE Registry Cleaner build 16.0.205 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit, registry
MD5 | 41cd78b58d1eb91f1ddb6df8074207fd
Page 1 of 9
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    7 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    40 Files
  • 23
    May 23rd
    64 Files
  • 24
    May 24th
    55 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close