260 matches found
PrivescCheck
This is a PoC exploit for Windows privilege escalation enumeration. The script, PrivescCheck, is designed to identify common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...
CVE-2021-1662
Windows Event Tracing Elevation of Privilege Vulnerability...
PT-2021-1895 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Windows CSC Service, which can be exploited to elevate privileges. This allows an attacker to affect the system. No information ...
Metasploit Wrap-Up
Struts2 Multi Eval OGNL RCE Our very own zeroSteiner added exploit/multi/http/struts2multievalognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times CVE-2019-0230 and CVE-2020-17530. The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...
The vulnerability of the Win32k component in Windows operating systems, which allows attackers to increase their privileges
The vulnerability of the Win32k component in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
New Chrome Zero-Day Under Active Attacks – Update Your Browser
Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming...
CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...
Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify...
The vulnerability of the fdSSDP.dll library in Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the fdSSDP.dll library on Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
The vulnerability of the Win32k.sys component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component of the Windows operating system is related to errors in call handling. Exploiting this vulnerability can allow an attacker to enhance their privileges by running a specially created application...
The vulnerability of the dnsrslvr.dll library in the Windows operating system allows a hacker to increase their privileges.
The vulnerability of the dnsrslvr.dll library in the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...
CVE-2020-1152
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system an...
The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...
CVE-2020-10610
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...
Information disclosure
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...
PrivescCheck
This is an offensive tool for Windows privilege escalation. It is an extended and updated version of PowerUp, aiming to enumerate common Windows security misconfigurations that can be leveraged for privilege escalation and gather various information useful for exploitation and/or post-exploitatio...
The vulnerability of the Win32k component in Microsoft Windows operating systems, which allows attackers to increase their privileges
The vulnerability of the Win32k component in Microsoft Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
VMware Horizon Client Elevation of Privilege Vulnerability
VMware Horizon Client is a client application for connecting to VMware Horizon virtual desktops from VMware. An elevation of privilege vulnerability exists in VMware Horizon Client 5.x and earlier versions for Windows-based platforms, which can be exploited by a local attacker to run commands as ...
CVE-2020-1010
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service wbengine that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'...