1204 matches found
SweetPotato – Service to SYSTEM
I've had a keen interest in the original RottenPotato and JuicyPotato exploits that utilize DCOM and NTLM reflection to perform privilege escalation to SYSTEM from service accounts. The applications behave by leveraging the SeImpersonatePrivilege and MITM to perform privilege escalation when a hig...
Denial Of Service (DoS)
samba is vulnerable to denial of service. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" values, resulting in the Samba server smbd crashing...
Insecure TLS Configuration
seamonkey uses an insecure TLS configuration. It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256-bit DHE keys, as such keys are easily broken using modern...
A vulnerability in the Windows Background Intelligent Transfer Service, a file transfer service between the client and the HTTP server, allows a hacker to escalate their privileges.
The vulnerability in the Windows Background Intelligent Transfer Service, which is responsible for intelligent file transfer between clients and Windows HTTP servers, is related to errors in processing links that point to file and directory paths. Exploiting this vulnerability can allow an attack...
KB4541500: Windows 7 and Windows Server 2008 R2 March 2020 Security Update
The remote Windows host is missing security update 4541500 or cumulative update 4540688. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in...
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-0787
CVE-2020-0787 is a privilege-escalation flaw in Microsoft Windows BITS (Background Intelligent Transfer Service) caused by improper handling of symbolic links. The issue can allow an attacker who can run code on a vulnerable host to escalate to system-level privileges and execute arbitrary code. ...
CVE-2020-0787 Windows BITS Privesc
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at June 10, 2020 2:20am UTC...
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, a...
CVE-2020-2732
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...
sLoad Malware Revamped as Powerful 'StarsLord' Loader
The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning. After discovering it being used in several campaigns over the holidays, researchers...
PT-2020-1236 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r3 Description: An invalid memory access flaw is present in the function resolve_feature_value when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input YANG files...
sLoad launches version 2.0, Starslord
sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...
LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless Flask web application and it's only accessible when the HTTP requests receive...
libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
A stack-based buffer overflow flaw was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or execute code...
PYSEC-2019-209
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...
Elegant sLoad Carries Out Spying, Payload Delivery in BITS
A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating...