Twenty Year Anniversary
Showing 1 - 25 of 224 RSS Feed

Registry Files

Oracle WebLogic 12.1.2.0 Remote Code Execution
Posted Jul 9, 2018
Authored by bobsecq

Oracle WebLogic version 12.1.2.0 RMI registry UnicastRef object java deserialization remote code execution exploit.

tags | exploit, java, remote, registry, code execution
advisories | CVE-2017-3248
MD5 | 0b5ec20bae66318da834b3ae3e8f3db3
Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix
Posted Jun 20, 2018
Authored by James Forshaw, Google Security Research

The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.

tags | exploit, arbitrary, registry
MD5 | 0c6e9aac6eb44da88353cc69fbad521f
Windows UAC Protection Bypass (Via Slui File Handler Hijack)
Posted May 31, 2018
Authored by bytecode-77, gushmazuko | Site metasploit.com

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

tags | exploit, shell, registry
systems | windows
MD5 | cbaf903a1f48babbbfdd55bd95607ccf
Microsoft Windows Desktop Bridge Privilege Escalation
Posted Mar 21, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a Desktop Bridge Virtual Registry NtLoadKey arbitrary file read / write privilege escalation vulnerability.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2018-0882
MD5 | df20338cea8e10f24722840588aeb572
Microsoft Windows Desktop Bridge Privilege Escalation
Posted Mar 21, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2018-0880
MD5 | 36bac421e1beb393d9761eff962189a2
Microsoft Windows Kernel REG_RESOURCE_REQUIREMENTS_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0900
MD5 | 2105a0202148dd8d1c7d110f3ebe6dc8
Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (videoprt.sys descriptors).

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0899
MD5 | a3291f506262cdeab2f6590a2c2a2c56
Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries).

tags | advisory, kernel, registry
systems | windows
advisories | CVE-2018-0898
MD5 | ed32c0fa3b9a152d5de55a21b3957fdd
Asterisk Project Security Advisory - AST-2018-001
Posted Feb 21, 2018
Authored by Joshua Colp, Sebastien Duthil | Site asterisk.org

Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.

tags | advisory, registry
advisories | CVE-2018-7285
MD5 | c2d13e4e6902f9085785bc357baaa195
Fortinet FortiClient VPN Credential Disclosure
Posted Dec 13, 2017
Authored by M. Li | Site sec-consult.com

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.

tags | exploit, registry
systems | linux, windows, apple
MD5 | 515984bab47162e05e8a7da2b63fa483
Oracle Java SE Wv8u131 Information Disclosure
Posted Nov 2, 2017
Authored by mr_me

Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" 'C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. Versions v8u131 and below are affected.

tags | exploit, java, remote, denial of service, shell, registry, protocol, info disclosure, xxe
advisories | CVE-2017-10309
MD5 | 1e5c74e4370cfb11bd675efce53eb688
Red Hat Security Advisory 2017-2603-01
Posted Sep 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2603-01 - The docker-distribution package provides the tool set to support the Docker Registry version 2. The following packages have been upgraded to a later upstream version: docker-distribution. Security Fix: It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.

tags | advisory, registry
systems | linux, redhat
advisories | CVE-2017-11468
MD5 | 376ccb3d1ffaf47a33b169a322c1dacc
Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
Posted Aug 22, 2017
Authored by b33f, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. This Metasploit module requires the architecture of the payload to match the OS, but the current low-privilege Meterpreter session architecture can be different. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process. This Metasploit module invokes the target binary via cmd.exe on the target. Therefore if cmd.exe access is restricted, this module will not run correctly.

tags | exploit, registry
systems | windows
MD5 | 73fea9d04345bcd15b0dc980da1ce0e1
Red Hat Security Advisory 2017-2424-01
Posted Aug 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2424-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10243
MD5 | 8fab5bbc58eb39d0cc32ab4140264366
Red Hat Security Advisory 2017-1789-01
Posted Jul 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1789-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198
MD5 | 90fc7883aa9067bf9f49ed06e8ab701c
Windows UAC Protection Bypass (Via FodHelper Registry Key)
Posted Jun 7, 2017
Authored by amaloteaux, winscriptingblog | Site metasploit.com

This Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | b20812c1abf3d3375be101013cd12af0
Red Hat Security Advisory 2017-0269-01
Posted Feb 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0269-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 8faae7138b045d45be1d06c53b01bd61
Red Hat Security Advisory 2017-0180-01
Posted Jan 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0180-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | a0049716ba1a2f0004ddcc44b4624678
Enigma Fileless UAC Bypass
Posted Jan 9, 2017
Authored by r00t-3xp10it, mattifestation, enigma0x3 | Site metasploit.com

This Metasploit module is an implementation of fileless uac bypass using cmd.exe instead of powershell.exe (OJ msf module). This module will create the required registry entry in the current user's hive, set the default value to whatever you pass via the EXEC_COMMAND parameter, and runs eventvwr.exe (hijacking the process being started to gain code execution).

tags | exploit, registry, code execution
MD5 | 862cbc79ab67b7fbac67a90c5c966e37
Mac OS IOKit Registry Code Execution
Posted Dec 22, 2016
Authored by Google Security Research, ianbeer

Mac OS suffers from a kernel code execution vulnerability due to writable privileged IOKit registry properties.

tags | exploit, kernel, registry, code execution
advisories | CVE-2016-7617
MD5 | ecbd7adf845d4a2d59727883b5a96837
Windows Escalate UAC Protection Bypass
Posted Dec 2, 2016
Authored by Matt Graeber, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | e6e7b2e95e14423e3c1de3ad6c4d3284
Windows Kernel Registry Hive Loading nt!RtlEqualSid Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Google Security Research, mjurczyk

A Windows kernel crash can occur in the nt!RtlEqualSid function invoked through nt!SeAccessCheck by nt!CmpCheckSecurityCellAccess while loading corrupted registry hive files.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2016-7216
MD5 | c0756254e4e1ccc1568e1ae96ebe1bbe
Windows Kernel Registry Hive Arbitrary Read
Posted Oct 20, 2016
Authored by Google Security Research, mjurczyk

Windows Kernel Registry Hive loading suffers from a relative arbitrary read in nt!RtlValidRelativeSecurityDescriptor.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2016-3376
MD5 | 89aef03658496a8e3114b2e1b8361710
Windows Kernel Registry Hive Loading Negative Size
Posted Oct 20, 2016
Authored by Google Security Research, mjurczyk

Windows Kernel Registry Hive loading suffers from a negative RtlMoveMemory size in nt!CmpCheckValueList.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2016-0070
MD5 | 74b6353203597505db100939eaba9fd4
Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

NtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.

tags | exploit, registry
advisories | CVE-2016-0079
MD5 | 1df9217976f58a92f0a890a61a8508f2
Page 1 of 9
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close