Microsoft Windows x64 – Privilege Escalation (UAC Protection Bypass printui.exe) Exploit

include include include include "resource.h" include include include define err -1 define dis 0 define def 1 define max 2 define BUFFER 8192 int CheckUac int ConsentAdmin; int EnableLua; DWORD BufferSize = BUFFER; RegGetValueHKEYLOCALMACHINE,...

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...

EA Origin < 10.5.38 - Remote Code Execution Vulnerability

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

EA Origin Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

EA Origin 10.5.38 - Remote Code Execution

EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...

EA Origin &lt; 10.5.38 - Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

Talking about the URI Schemes of use-vulnerability warning-the black bar safety net

In the past month or so, I spent a lot of time to read and test custom URI Schemes to. As my previous post mentioned, not properly implemented a custom URI there may be many security issues. I mentioned“many”of the word, here I want to EA Origin client, for example, to share with you this aspect ...

Notepad++: Command injection by setting a custom search engine

Summary: Arbitrary commands can be injected when using the "Search on Internet" function with a malicious custom search engine. The custom search engine can be set through the GUI or the config files, with different attack scenarios. Description: The "Search on Internet" context menu functionalit...

Notepad++: No SearchEngine sanatizing can lead to command injection

Information: Summary: Notepad++ is vulnerable to a command injection vulnerability. Debug Info: Notepad++ v7.6.3 32-bit Build time : Jan 27 2019 - 17:20:30 Path : C:\Program Files x86\Notepad++\notepad++.exe Admin mode : ON Local Conf mode : OFF OS : Windows 10 64-bit Plugins : none Description:...

Razer Cortex Debugger Remote Command Execution

Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on twitter that the software distributed by Razer for their gaming equipment might be unsafe, I downloaded the ones I could see online to take a look. I have only looked at "Cortex",...

Razer Cortex Debugger Remote Command Execution Vulnerability

Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution. Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on twitter that the software distributed by Razer for their gaming equipment migh...

Windows UAC Protection Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via ComputerDefault Registry Key', 'Descriptio...

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...

Microsoft Office 2007 Groove Security Bypass / Code Execution Exploit

Microsoft Office 2007 Groove contains a security bypass issue regarding 'Workspace Shortcut' files .GLK because it allows arbitrary registered URL Protocols to be passed, when only 'grooveTelespace://' URLs should be allowed, which allows execution of arbitrary code upon opening a 'GLK' file...

Microsoft Office 2007 Groove Security Bypass / Code Execution

Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits Due to the nature of the issue, it would work on the x64 version of Office 2007, but I don't know if there's one ?? Tested on: Windows 7/Server 2008/Vista/Serve...

Microsoft Office Groove - Workspace Shortcut Arbitrary Code Execution

Microsoft Office Groove - Workspace Shortcut Arbitrary Code Execution Title: MS Office Groove 'Workspace Shortcut' Arbitrary Code Execution Vulnerability Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/...

Microsoft Office Groove - &#039;Workspace Shortcut&#039; Arbitrary Code Execution

Title: MS Office Groove 'Workspace Shortcut' Arbitrary Code Execution Vulnerability Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows 7/Server 2008/Vista/Serve...

Acunetix OLE Automation Array Remote Code Execution Exploit

Acunetix versions 9.5 and below OLE automation array remote code execution exploit. !/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version...