Mon, 06 Aug 2018 09:22:22 GMT
VMware Security Advisory 2018-0019
VMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.
Mon, 06 Aug 2018 05:44:44 GMT
Microsoft Windows SCF File Feature Bypass
Microsoft Windows suffers from an SCF open file security warning feature bypass vulnerability.
Mon, 06 Aug 2018 03:33:33 GMT
SMPlayer 18.6.0 DLL Hijacking
SMPlayer version 18.6.0 suffers from a DLL hijacking vulnerability.
Sun, 05 Aug 2018 03:22:22 GMT
Sidify Music Converter 1.2.9 DLL Hijacking
Sidify Music Converter version 1.2.9 suffers from a DLL hijacking vulnerability.
Thu, 02 Aug 2018 03:33:33 GMT
Fortinet FortiClient 5.2.3 Local Privilege Escalation
Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability.
Thu, 02 Aug 2018 01:11:11 GMT
VMware Player 12.5.9 Privilege Escalation / Denial Of Service
VMware Player version 12.5.9 suffers from denial of service and privilege escalation vulnerabilities.
Mon, 30 Jul 2018 04:02:22 GMT
VMware Player 7.1.3 DLL Hijacking
VMware Player version 7.1.3 suffers from a DLL hijacking vulnerability.
Tue, 24 Jul 2018 18:39:14 GMT
Microsoft Windows Kernel win32k!NtUserConsoleControl Denial Of Service
Microsoft Windows Kernel win32k!NtUserConsoleControl denial of service proof of concept exploit.
Tue, 24 Jul 2018 18:20:10 GMT
Microsoft Windows Kernel Malformed GPOS Table Buffer Overflow
The Microsoft Windows kernel suffers from an OTF font processing pool-based buffer overflow via a malformed GPOS table in ATMFD.DLL.
Mon, 23 Jul 2018 04:44:44 GMT
Sourcetree Remote Code Execution
Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.
Thu, 19 Jul 2018 01:55:38 GMT
Windows Speech Recognition 184.108.40.2062 Buffer Overflow
Windows Speech Recognition version 220.127.116.112 suffers from a buffer overflow vulnerability.
Mon, 16 Jul 2018 14:30:02 GMT
Wireshark Analyzer 2.6.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
Mon, 16 Jul 2018 14:27:56 GMT
Microsoft Windows Enterprise Mode Site List 1/2 XML Injection
Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.
Tue, 10 Jul 2018 14:02:22 GMT
Microsoft Windows .library-ms Information Disclosure
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms file type triggers forced authentication when a user/client accesses a remote share that houses an attacker-supplied ".library-ms" file, disclosing credential hashes and other identifiable computer information.
Mon, 09 Jul 2018 23:22:22 GMT
Apple Security Advisory 2018-7-9-7
Apple Security Advisory 2018-7-9-7 - iTunes 12.8 for Windows is now available and addresses code execution and denial of service vulnerabilities.
Mon, 02 Jul 2018 19:59:22 GMT
Apple Security Advisory 2018-7-9-6
Apple Security Advisory 2018-7-9-6 - iCloud for Windows 7.6 is now available and addresses code execution and denial of service vulnerabilities.
Fri, 29 Jun 2018 01:11:11 GMT
Microsoft Windows Kernel (win32k.sys) Local Denial Of Service
Microsoft Windows Kernel (win32k.sys) suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl.
Tue, 26 Jun 2018 16:07:09 GMT
Microsoft Windows ADODB.Record Object File Overwrite
Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.
Thu, 21 Jun 2018 20:37:56 GMT
Quest KACE Systems Management Command Injection
This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).
Mon, 18 Jun 2018 23:44:12 GMT
IPConfigure Orchid VMS 2.0.5 Directory Traversal / Information Disclosure
Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the application's web directory. This issue is further compounded because the Linux version of the Orchid Core VMS application runs in the context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.
Thu, 14 Jun 2018 03:33:33 GMT
Microsoft COM For Windows Improper Serialized Object Handling
Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.
Wed, 13 Jun 2018 13:33:33 GMT
EggHunter Buffer Overflow For Windows
Whitepaper called EggHunter Buffer Overflow for Windows. Written in Arabic.
Wed, 06 Jun 2018 20:22:22 GMT
Microsoft Windows 10 1709 Child Process Restriction Mitigation Bypass
Microsoft Windows 10 version 1709 suffers from a child process restriction mitigation bypass vulnerability.
Mon, 04 Jun 2018 16:10:27 GMT
Microsoft Windows 10 scrrun.dll Active-X Creation / Deletion Issues
scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities.
Apple Security Advisory 2018-06-01-7
Apple Security Advisory 2018-06-01-7 - iTunes 12.7.5 for Windows addresses buffer overflow and code execution vulnerabilities.