792 matches found
Shopify: Arbitrary write on s3://shopify-delivery-app-storage/files
Short ==== The policy used to upload files via the Delivery app is too generic which results in an arbitrary write and replace of files in the files/ directory. Disclaimer: While I was unable to create a second store to fully test this I can't create new development stores right now, support is...
Kaspersky AntiVirus - UPX Parsing Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM. First...
VBox Satellite Express Arbitrary Write Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation Title: VBox Satellite Express Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-005 Publication Date: 2015.09.16 Publication URL:...
VBox Satellite Express 2.3.17.3 - Arbitrary Write Vulnerability
A vulnerability within the ndvbs module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege. suffers from code execution, and local file...
GNU Parallel Arbitrary File Write Vulnerability
GNU Parallel is a set of shell tools developed by the GNU Project that can be used to parallelize the execution of jobs on a single or multiple machines. A security vulnerability exists in versions prior to GNU Parallel 20150422. When the program uses multiple commands --pipe, --tmux, --cat,...
SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service stack...
SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation
SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation / Exploit Title - SoftSphere DefenseWall FW/IPS Arbitrary Write Privilege Escalation Date - 10th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.softsphere.com Tested Version - 3.24 Driver Version -...
SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - SoftSphere DefenseWall FW/IPS Arbitrary Write Privilege Escalation Date - 10th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.softsphere.com Tested Version - 3.24 Driver Version - 3.2.3.0...
SoftSphere DefenseWall FW/IPS 3.24 - Local Privilege Escalation
/ Exploit Title - SoftSphere DefenseWall FW/IPS Arbitrary Write Privilege Escalation Date - 10th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.softsphere.com Tested Version - 3.24 Driver Version - 3.2.3.0 - dwall.sys Tested on OS - 32bit Windows XP SP3 OSVDB -...
pigz: arbitrary write to files
The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities. That allows remote attackers to write to arbitrary files via a 1 full pathname or 2 .. dot dot in an archive...
Windows tcpip.sys Arbitrary Write Privilege Escalation Exploit
A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys, can allow an attacker to inject controlled memory into an arbitrary location within the kernel. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
AVG Internet Security 2015.0.5315 Privilege Escalation
/ Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver Version - 15.0.0.5204 - avgtdix.sys Tested on OS - 32bit Windows XP SP3 OSV...
BullGuard 14.1.285.4 Privilege Escalation
/ Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver Version - 1.0.0.6 - BdAgent.sys Tested on OS - 32bit Windows XP SP3...
Arbitrary Write Privilege Elevation Vulnerability in Multiple BullGuard Products
BullGuard bdagent.sys is an antivirus program. An arbitrary write elevation of privilege vulnerability exists in several BullGuard products that allows local users to write data to arbitrary storage units and gain privileges via crafted 0x0022405c IOCTL calls...
Windows tcpip.sys Arbitrary Write Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 'Windows tcpip.sys Arbitrary Write Privilege Escalation', 'Description' ...
Arbitrary Write Privilege Elevation Vulnerability in Various K7 Computing Products
K7 Computing is an antivirus program. An arbitrary write elevation of privilege vulnerability exists in several K7 Computing products that allows a local user to write to arbitrary memory locations and gain elevated privileges by crafting 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac...
Microsoft-Server-2003-SP2
Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date: 2015.01.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt...
K7 Computing Multiple Products Arbitrary Write Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - K7 Computing Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.k7computing.co.uk/ Tested Version - 14.2.0.240 Driver Versio...
AVG Internet Security 2015 Arbitrary Write Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver Version - 15.0.0.52...
BullGuard Multiple Products Arbitrary Write Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver Version -...