Lucene search
+L

260 matches found

gitee
gitee
added 2021/01/24 7:1 p.m.4 views

PrivescCheck

This is a PoC exploit for Windows privilege escalation enumeration. The script, PrivescCheck, is designed to identify common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...

7AI score
Exploits0
nvd
nvd
added 2021/01/12 8:15 p.m.33 views

CVE-2021-1662

Windows Event Tracing Elevation of Privilege Vulnerability...

7.8CVSS8.1AI score0.00684EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2021/01/12 12:0 a.m.2 views

PT-2021-1895 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Windows CSC Service, which can be exploited to elevate privileges. This allows an attacker to affect the system. No information ...

7.8CVSS6.6AI score0.00776EPSS
Exploits0References9
rapid7blog
rapid7blog
added 2021/01/08 7:54 p.m.421 views

Metasploit Wrap-Up

Struts2 Multi Eval OGNL RCE Our very own zeroSteiner added exploit/multi/http/struts2multievalognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times CVE-2019-0230 and CVE-2020-17530. The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...

10CVSS9.4AI score0.97822EPSS
Exploits46
bdu_fstec
bdu_fstec
added 2020/11/26 12:0 a.m.4 views

The vulnerability of the Win32k component in Windows operating systems, which allows attackers to increase their privileges

The vulnerability of the Win32k component in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

7.8CVSS7.1AI score0.0098EPSS
Exploits0References2
gitee
gitee
added 2020/11/20 3:17 p.m.13 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits283
thn
thn
added 2020/11/03 9:33 a.m.149 views

New Chrome Zero-Day Under Active Attacks – Update Your Browser

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming...

9.6CVSS0.9AI score0.5063EPSS
Exploits6
osv
osv
added 2020/10/21 2:15 p.m.4 views

CVE-2020-10138

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...

7.8CVSS7.6AI score0.0052EPSS
Exploits0References1
thn
thn
added 2020/10/02 9:59 a.m.9 views

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify...

5.9AI score
Exploits0
bdu_fstec
bdu_fstec
added 2020/09/29 12:0 a.m.6 views

The vulnerability of the fdSSDP.dll library in Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the fdSSDP.dll library on Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

7.8CVSS7.2AI score0.00939EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2020/09/22 12:0 a.m.24 views

The vulnerability of the Win32k.sys component of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Win32k.sys component of the Windows operating system is related to errors in call handling. Exploiting this vulnerability can allow an attacker to enhance their privileges by running a specially created application...

7.8CVSS6.7AI score0.00603EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2020/09/22 12:0 a.m.8 views

The vulnerability of the dnsrslvr.dll library in the Windows operating system allows a hacker to increase their privileges.

The vulnerability of the dnsrslvr.dll library in the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

7.8CVSS7.2AI score0.00931EPSS
Exploits0References2
osv
osv
added 2020/09/11 5:15 p.m.3 views

CVE-2020-1152

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system an...

5.8CVSS5.8AI score0.00603EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2020/09/09 12:0 a.m.6 views

The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

7.8CVSS7.2AI score0.00795EPSS
Exploits0References2
nvd
nvd
added 2020/07/24 11:15 p.m.24 views

CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...

7.8CVSS7.4AI score0.00378EPSS
Exploits0References1
prion
prion
added 2020/07/24 11:15 p.m.18 views

Information disclosure

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...

7.2CVSS7.4AI score0.00378EPSS
Exploits0References1Affected Software9
gitee
gitee
added 2020/07/17 10:48 a.m.3 views

PrivescCheck

This is an offensive tool for Windows privilege escalation. It is an extended and updated version of PowerUp, aiming to enumerate common Windows security misconfigurations that can be leveraged for privilege escalation and gather various information useful for exploitation and/or post-exploitatio...

6.9AI score
Exploits0
bdu_fstec
bdu_fstec
added 2020/06/17 12:0 a.m.6 views

The vulnerability of the Win32k component in Microsoft Windows operating systems, which allows attackers to increase their privileges

The vulnerability of the Win32k component in Microsoft Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

7.8CVSS7.2AI score0.01284EPSS
Exploits0References2
cnvd
cnvd
added 2020/06/12 12:0 a.m.6 views

VMware Horizon Client Elevation of Privilege Vulnerability

VMware Horizon Client is a client application for connecting to VMware Horizon virtual desktops from VMware. An elevation of privilege vulnerability exists in VMware Horizon Client 5.x and earlier versions for Windows-based platforms, which can be exploited by a local attacker to run commands as ...

7.8CVSS7.1AI score0.00372EPSS
Exploits0References1
osv
osv
added 2020/05/21 11:15 p.m.4 views

CVE-2020-1010

An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service wbengine that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'...

7.8CVSS7.2AI score0.00837EPSS
Exploits0References1
Rows per page
Query Builder