97 matches found
IBM DB2 代码问题漏洞
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to...
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
During a recent investigation at a telecommunications company led by Mandiant Managed Defense, our team was tasked with rapidly identifying systems that had been accessed by a threat actor using legitimate, but compromised domain credentials. This sometimes-challenging task was made simple becaus...
Design/Logic Flaw
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...
CVE-2020-7352
CVE-2020-7352 context : The GalaxyClientService in GOG Galaxy runs as SYSTEM on Windows. It ships with an embedded, static RSA private key and listens on localhost:9978, enabling a local attacker with user privileges to execute OS commands in elevated context via crafted inputs. The issue affects...
CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...
CHAPS - Configuration Hardening Assessment PowerShell Script
CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The...
CVE-2019-18279
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019...
CVE-2019-18279
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019...
PT-2019-6410 · Phoenix · Phoenix Sct Winflash
Name of the Vulnerable Software and Affected Versions: Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0 Description: The issue is related to the included drivers in Phoenix SCT WinFlash, which could be used by a malicious Windows application to gain elevated privileges. The adverse impacts...
CVE-2017-12814
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...
NetworkRecon: PowerShell to Identify Network Vulnerabilities!
PenTestIT RSS Feed As PowerShell becomes more prevalent in the Windows environment, so will it's use for vulnerability assessment and penetration tests. I have covered a few of them earlier such as PowerSploit, PSAttack. However none of the ones I mentioned help you detect network vulnerabilities...
Invincea-X SboxDrv.sys Version Number Query Local Privilege Escalation Vulnerability
Summary An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a specia...
Microsoft Machine Debug Manager (mdm) DLL Hijacking
Microsoft Machine Debug Manager mdm DLL side loading vulnerability Vulnerability: DLL Hijacking / DLL Side Loading Advisory URL: https://ipositivesecurity.com/2017/06/15/microsoft-machine-debug-manager-mdm-insecure-library-loading-allows-code-execution/ ------------------------ ABOUT...
Exposed Localstart.asp Page
To restrict access to specific pages on a webserver, developers can implement various methods of authentication, therefore only allowing access to clients with valid credentials. There are several forms of authentication that can be used. The simplest forms of authentication are known as 'Basic'...
MS14-068-domain privilege escalation vulnerability summary-vulnerability warning-the black bar safety net
0x01 vulnerability of origin Said to ms14-068,have to say the silver ticket, that is, the cheque in. Cheque is a piece of tgs, that is, a service Ticket. The service ticket is the client is sent directly to the server and request the service resource. If the server is not the domain controller dc...
Noriben - Portable, Simple, Malware Analysis Sandbox
Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...
Desktop Client: Local Code Injection
The ownCloud Client was vunerable to a local code injection attack. A malicious local user could create a special path where the client would load libraries from during startup. As on Windows, everyone by default has the permission to write to the C: drive and create arbitrary directories and...
PentestBox 2.0 - Portable Penetration Testing Distribution for Windows Environments
PentestBox provides all security tools as a software package, eliminating requirement of Virtual machines or dualboot environments on Windows Operating System. It is created because more than 50% of penetration testing distribution users uses windows. Source So it provides an efficient platform f...
Fix weblogic JAVA deserialization vulnerability of a variety of methods-vulnerability warning-the black bar safety net
The current oracle is also not in the publicly released weblogic JAVA deserialization vulnerability official patch currently see the repair method is nothing more than two: Use SerialKiller replace the sequence of operation of the ObjectInputStream class; In does not affect the business case, the...
CVE-2015-4807
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache...