Thu, 24 May 2018 18:39:24 GMT
Apple Security Advisory 2018-06-01-3
Apple Security Advisory 2018-06-01-3 - iCloud for Windows 7.5 is now available and addresses buffer overflow and code execution vulnerabilities.
Wed, 09 May 2018 17:52:18 GMT
Microsoft Internet Explorer 11 Vbscript Code Execution
Microsoft Internet Explorer 11 on Windows 7 x64/x86 suffers from a vbscript code execution vulnerability.
Mon, 07 May 2018 18:17:29 GMT
Microsoft Windows FxCop 12 XXE Injection
Microsoft FxCop versions 10 through 12 are vulnerable to XML external entity (XXE) injection attacks allowing local file exfiltration and/or NTLM hash theft. Tested with the SDK download on both Windows 7 and Windows 10; it works on both.
Mon, 07 May 2018 18:15:09 GMT
PlaySMS import.php Code Execution
This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated users can upload a CSV file and trigger execution of PHP code supplied in the User-Agent HTTP header. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
Fri, 04 May 2018 01:51:35 GMT
PlaySMS sendfromfile.php Code Execution
This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php. Authenticated users can upload a file and rename it to a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
Tue, 03 Apr 2018 23:02:22 GMT
Windows WMI Receive Notification
This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64.
Fri, 30 Mar 2018 15:56:03 GMT
ProcessMaker Plugin Code Execution
This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with the Administrator role are required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP1; and version 3.2.0 on Debian Linux 8.
Mon, 26 Mar 2018 23:23:23 GMT
Apple Security Advisory 2018-3-29-8
Apple Security Advisory 2018-3-29-8 - iCloud for Windows 7.4 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
Fri, 23 Feb 2018 17:54:12 GMT
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). An unauthenticated attacker can upload an arbitrary file, including a malicious script that issues operating system commands. This issue is caused by improper session handling in the /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 (Release 4902) on Windows 7 and Kali Linux.
Fri, 23 Feb 2018 17:52:49 GMT
Disk Savvy Enterprise 10.4.18 Buffer Overflow
This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
Thu, 25 Jan 2018 01:51:41 GMT
CloudMe Sync 1.10.9 Buffer Overflow
This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
Fri, 12 Jan 2018 00:02:22 GMT
Apple Security Advisory 2018-1-23-7
Apple Security Advisory 2018-1-23-7 - iCloud for Windows 7.3 is now available and addresses code execution vulnerabilities.
Wed, 10 Jan 2018 01:28:53 GMT
ALLMediaServer 0.95 Stack Buffer Overflow
ALLMediaServer version 0.95 stack buffer overflow exploit with DEP bypass on Windows 7 x64.
Wed, 10 Jan 2018 01:27:24 GMT
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
Wed, 20 Dec 2017 16:05:36 GMT
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
Sat, 16 Dec 2017 02:33:33 GMT
Microsoft Windows Kernel Ring-0 Address Leak
It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.
Wed, 01 Nov 2017 15:50:11 GMT
Apple Security Advisory 2017-12-13-3
Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.
Thu, 28 Sep 2017 00:15:56 GMT
Apple Security Advisory 2017-10-31-7
Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.
Tue, 08 Aug 2017 13:02:22 GMT
Apple Security Advisory 2017-09-25-2
Apple Security Advisory 2017-09-25-2 - iCloud for Windows 7 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.
Sat, 22 Jul 2017 02:23:54 GMT
Demystifying Windows Kernel Exploitation By Abusing GDI Objects
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. This has the Windows 7 SP1 x86 exploit demonstrated at Defcon 25.
Wed, 19 Jul 2017 14:44:44 GMT
Metasploit RPC Console Command Execution
This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
Tue, 18 Jul 2017 09:22:22 GMT
Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation
Microsoft Windows 7 SP1 x86 GDI palette objects local privilege escalation exploit that leverages the vulnerability as described in MS17-017.
Wed, 07 Jun 2017 13:47:58 GMT
Microsoft Internet Explorer 11 CMarkup::DestroySplayTree Memory Corruption
Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
Tue, 23 May 2017 00:12:02 GMT
EternalBlue Exploit Analysis And Port To Microsoft Windows 10
On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how the use of wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This sets off a chain reaction that ultimately culminates in code execution, making ETERNALBLUE one of the most complex exploits ever written. The paper discusses what was necessary to port the exploit to Microsoft Windows 10, and the mitigations Microsoft has already deployed that can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.
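The "wrong-sized register" miscalculation the RiskSense paper describes is an instance of a general bug class: a length is checked in a narrower width than the one it is later used in, so the high bits that would have failed the check are silently dropped. The C program below is an added illustration of that class, not code from the paper, from FUZZBUNCH, or from the SMB implementation; the function names, the buffer sizes and the header length values are constructed for the demo. The vulnerable policy truncates the header length to 16 bits before comparing it against the buffer capacity (as if the comparison had been done in a 16-bit register) and then copies the full 32-bit length; the fixed policy compares in full width. The copy runs inside an oversized arena with a canary byte after the logical buffer, so the overflow is observable without corrupting real memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical sizes, chosen for the demo only. */
#define DST_CAPACITY 0x100u     /* logical destination buffer the check is meant to protect */
#define BACKING_SIZE 0x20000u   /* arena that surrounds it so an overflow stays inside our own memory */
#define CANARY 0xA5

typedef long (*len_policy_t)(uint32_t hdr_len, size_t capacity);

/* Vulnerable: the comparison is made on a 16-bit copy of the length,
   mimicking arithmetic performed in a narrower register than the value needs.
   0x10010 truncates to 0x10, passes the check, and the full 0x10010 is returned. */
long accept_len_narrow(uint32_t hdr_len, size_t capacity) {
    uint16_t checked = (uint16_t)hdr_len;   /* high 16 bits silently discarded */
    if (checked > capacity) return -1;
    return (long)hdr_len;                   /* but the untruncated length is what gets used */
}

/* Fixed: check and use are done in the same width. */
long accept_len_wide(uint32_t hdr_len, size_t capacity) {
    if (hdr_len > capacity) return -1;
    return (long)hdr_len;
}

/* Runs a header length through a policy and performs the resulting copy into the
   arena. Returns 1 if the byte immediately past the logical buffer was overwritten
   (an overflow), 0 if the copy stayed in bounds or the length was rejected. */
int overflow_after_copy(len_policy_t policy, uint32_t hdr_len) {
    static uint8_t arena[BACKING_SIZE];
    static uint8_t src[BACKING_SIZE];       /* constructed attacker-controlled message body */
    memset(arena, CANARY, sizeof arena);
    memset(src, 0x41, sizeof src);

    long n = policy(hdr_len, DST_CAPACITY);
    if (n < 0 || (size_t)n > sizeof arena)  /* rejected, or larger than the demo arena can absorb */
        return 0;

    memcpy(arena, src, (size_t)n);          /* the copy the check was supposed to bound */
    return arena[DST_CAPACITY] != CANARY;
}

int main(void) {
    uint32_t benign = 0x80;                 /* fits in the buffer under either policy */
    uint32_t hostile = 0x10010;             /* low 16 bits look tiny, real value is 64 KiB + 16 */

    printf("narrow check, len 0x%x: overflow=%d\n", benign,  overflow_after_copy(accept_len_narrow, benign));
    printf("narrow check, len 0x%x: overflow=%d\n", hostile, overflow_after_copy(accept_len_narrow, hostile));
    printf("wide check,   len 0x%x: overflow=%d\n", hostile, overflow_after_copy(accept_len_wide,   hostile));
    return 0;
}
```

The same pattern shows up whenever a size is validated through an intermediate `uint16_t`, `unsigned short` or a 16-bit register operand and then consumed as a 32-bit count: reviewing for it means checking that every comparison guarding a copy or allocation uses the same type as the value fed to `memcpy` or the allocator.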
VX Search Enterprise GET Buffer Overflow
This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.