73 matches found
CVE-2020-1143: Win32k Use-After-Free
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...
CVE-2020-10977
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Recent assessments: wvu-r7 at June 09, 2020 10:49pm UTC reported: @zeroSteiner pointed us to this exploit chain today: . It uses CVE-2020-10535 to satisfy the authentication requirement. Note that...
CVE-2020-11100
In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...
Task Scheduler S4U Logon Elevation of Privilege
The windows task scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...
CVE-2020-6418
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: J3rryBl4nks at March 04, 2020 4:42pm UTC reported: You would have to chain this vulnerability with a working sandbox escape in...
CVE-2020-9340
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/opkandidat.php id parameter. Recent assessments: J3rryBl4nks at March 09, 2020 9:27pm UTC reported: This is an authenticated SQL Injection that should lead to a reverse shell. It’s very easy to identify, and to exploit. The value is low...
Admin Check Bypass in NtPowerInformation
The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: Project zero reason for closure: Info not...
SMBv2 Symlink to Local File Vulnerability
SMBv2 supports symlinks on remote file systems by returning a special status code STATUSSTOPPEDONSYMLINK when a symlink is encountered on the remote share. It also returns a symlink reparse data buffer to be processed to determine where to redirect the request. While this is supported functionali...
Microsoft Office 2007 and 2010 RTF frmtxtbrl EIP corruption
The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in...
Microsoft Internet Explorer: READ in CAnimatablePropertyListElement::GetCurrentValues:
Clusterfuzz crash Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: Not exploitable other than for crashing a browser, probably not that useful though. Assessed Attacker Value: 1 Assessed Attacker Value: 1Assessed Attacker Value: 5...
Return Of Bleichenbacher's Oracle Threat
ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: The details are pretty heavily documented on robotattack.org, so no need to...
CVE-2019-19194
The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...
CVE-2019-17517
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. Recent assessments: pbarry25 at April 25,...
CVE-2019-17060
The Bluetooth Low Energy BLE stack implementation on the NXP KW41Z based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to...
CVE-2020-8597 rhostname buffer overflow in pppd
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. Recent assessments: wvu-r7 at March 10, 2020 6:33pm UTC reported: AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’...
CVE-2020-7246
A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users‘photoppreview’ delete photo feature, allowing bypass of .htaccess protection...
Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1. Recent assessments: busterb at January 30, 2020 8:09a...
Remote Desktop Client remote code execution vulnerability
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka ‘Remote Desktop Client Remote Code Execution Vulnerability’. Recent assessments: busterb at January 15, 2020 2:29am UTC reported: This is a client-side exploit, which...
CVE-2020-0638
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Update Notification Manager Elevation of Privilege Vulnerability’. Recent assessments:...