16 matches found
Lenovo Energy Management Driver for Windows 10 Vulnerability - US
Lenovo Security Advisory: LEN-27682 Potential Impact: Denial of service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6183 Summary Description: A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to...
Cesar Cerrudo on Securing Smart Cities
IOActive Labs CTO Cesar Cerrudo talks to Ryan Naraine about major realistic security problems affecting technology implementations of smart cities — from traffic control systems to surveillance cameras and power grids — and warns that the damages from live attacks could be catastrophic. Download:...
Twitter Bug Allowed Apps to Access Direct Messages Without Permission
Social networking sites such as Twitter and Facebook have become not just communication hubs, but also authentication mechanisms for third-party sites. Many sites and Web applications allow users to sign in with their Facebook or Twitter credentials rather than registering, which is a nice...
Cesar Cerrudo on Owning Your CEO
Dennis Fisher talks with Cesar Cerrudo of IOActive Labs about his research project that used Fortune 500 executives’ corporate email addresses as the starting point to gather data about their online activities. Cerrudo found that he was able to map executives’ activities across a wide range of...
Elevating Privileges Via Windows Installers
There’s an odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched, automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn’t be exploitable because at one point in the process the...
MS Windows Token Kidnapping Problems Resurface
Microsoft’s problems with Token Kidnapping .pdf on the Windows platform aren’t going away anytime soon. More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference...
Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exploit
Exploit for unknown platform in category local exploits ========================================================================== Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exploit ========================================================================== // 0day PRIVATE...
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)
No description provided by source. // Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include windows.h include stdio.h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR...
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
// Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include include BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff100;...
[SA22668] Microsoft Windows GDI Kernel Structures Handling Vulnerability
TITLE: Microsoft Windows GDI Kernel Structures Handling Vulnerability SECUNIA ADVISORY ID: SA22668 VERIFY ADVISORY: http://secunia.com/advisories/22668/ CRITICAL: Less critical IMPACT: Privilege escalation, DoS WHERE: Local system OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server...
MS Windows COM Structured Storage Local Exploit (MS05-012)
No description provided by source. // by Cesar Cerrudo - Argeniss - www.argeniss.com // MS05-012 - COM Structured Storage Vulnerability - CAN-2005-0047 Exploit // // More exploits at www.argeniss.com/products.html // // Works on Win2k sp4, WinXP sp2, Win2k3 sp0 // Close all runing programs to avo...
MS Windows 2k Utility Manager (All-In-One) Exploit (MS04-019)
No description provided by source. / COROMPUTER2004 Crpt Utility Manager exploit v2.666 modified by kralor Crpt It gets system language and sets windows names to work on any win2k :P Feel free to add other languages : v2.666: added autonomous allinone remote exploitation system ; It can be execut...
ARGENISS-ADV-030501.txt
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
- Argeniss - Oracle Database Server Directory transversal
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
[Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation
Microsoft Windows Improper Token Validation AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/general/06-0001.html January 10, 2005 Credit: This vulnerability was discovered and researched by Cesar Cerrudo of Application Security, Inc. Risk Level: High Summary: A...
SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
Security Advisory Name: SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. System Affected : Sql Server 2000 all Service Packs. Severity : High. Author: Cesar Cerrudo. Date: 07/25/2002 Advisory Number: CC070205 Overview: Database Consistency Checkers DBCCs are command console...