NSClient++ 0.5.2.35 - Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...

Pulse Secure Pulse Connect Secure Path Traversal Vulnerability

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. A security vulnerability exists in Network File Share NFS in Pulse Secure PCS. An attacker could exploit this vulnerability to write arbitrar...

CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code

On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...

Zoho ManageEngine ADManager Plus 6.6 (Build 6659) - Privilege Escalation

Zoho ManageEngine ADManager Plus 6.6 Build 6659 - Privilege Escalation Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on:...

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE :...

Zoho ManageEngine ADManager Plus 6.6 (Build &lt; 6659) - Privilege Escalation

Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE : CVE-2018-19374 Due to weak permissions...

Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A privilege-lifting vulnerability exists in Microsoft Windows that stems from Windows'...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

HPSBHF03606 rev. 2 - Intel Platform System BIOS Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Intel Platform Firmware that could allow privileged...

Memu Play 6.0.7 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...

Memu Play 6.0.7 - Privilege Escalation

Memu Play 6.0.7 - Privilege Escalation Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...

Memu Play 6.0.7 - Privilege Escalation

Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...

Memu Play 6.0.7 Privilege Escalation

Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...

exacqVision ESM 5.12.2 - Privilege Escalation

exacqVision ESM 5.12.2 - Privilege Escalation Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage:...

snapd &lt; 2.37 (Ubuntu) - &#039;dirty_sock&#039; Local Privilege Escalation (1)

!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...

Windows DNS Server Heap Overflow Vulnerability

A remote code execution vulnerability exists in Windows Domain Name System DNS servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as D...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2019-02775)

Microsoft Windows 10 and others are products of Microsoft Corporation USA.Microsoft Windows 10 is an operating system for personal computers; Windows Server 2016 is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows that stems from a program's failure t...