1575 matches found

Packet Storm
added 2017/03/06 12:0 a.m., 36 views

CyberGhost 6.0.4.2205 Privilege Escalation

Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description CG6Service service has method...

0.6 AI score
Exploits: 0
Exploit DB
added 2017/03/06 12:0 a.m., 21 views

CyberGhost 6.0.4.2205 - Local Privilege Escalation

Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description CG6Service service has method...

7.4 AI score
Exploits: 0
exploitpack
added 2017/03/06 12:0 a.m., 11 views

CyberGhost 6.0.4.2205 - Local Privilege Escalation

CyberGhost 6.0.4.2205 - Local Privilege Escalation Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...

0.4 AI score
Exploits: 0
0day.today
added 2017/03/06 12:0 a.m., 23 views

CyberGhost 6.0.4.2205 Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...

6.8 AI score
Exploits: 0
android
added 2017/03/01 12:0 a.m., 51 views

CVE-2017-0510

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3 CVSS, 9.4 AI score, 0.00281 EPSS
Exploits: 3, References: 3
myhack58
added 2017/03/01 12:0 a.m., 36 views

Windows Exploit development tutorial series--stack injection a-vulnerability warning-the black bar safety net

! Foreword Welcome to the heap spray tutorial the first part. This Part I will introduce the IE under typical heap spray technique, the second part will introduce the precise injection and IE8 under UAF vulnerabilities. It is worth mentioning that, the stack injection is just a payload Delivery...

8 AI score
Exploits: 0
Tenable Nessus
added 2017/02/21 12:0 a.m., 67 views

openSUSE Security Update : nodejs (openSUSE-2017-284)

nodejs was updated to LTS release 4.7.3 to fix the following issues : - deps: upgrade embedded openssl sources to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, boo1022085, boo1022086, boo1009528 Changes in LTS release 4.7.1 : - build: shared library support is now working for AIX builds -...

7.5 CVSS, 7.8 AI score, 0.10401 EPSS
Exploits: 1, References: 6
Hacker One
added 2017/02/09 3:59 p.m., 41 views

Grab: Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App

Description: After my previous report about 2FA bypass on the Profile Edit endpoint I was interested to find endpoint, which will allow me horizontal privileges escalation. So, I found the endpoint using android app https://p.grabtaxi.com/api/passenger/v2/profiles/activationsms which allow me to...

7.3 AI score
Exploits: 0
Hacker One
added 2017/01/21 12:24 a.m., 27 views

U.S. Dept Of Defense: Critical information disclosure at https://█████████

Summary: There is a critical information disclosure at https://████████/rserver/rdPage.aspx?rdReport=dbDashboard&rdShowModes= Description: As you can see in the video the https://████████/rserver/rdPage.aspx?rdReport=dbDashboard&rdShowModes= loads a page with a debug this page functions enabled,...

0.3 AI score
Exploits: 0
FireEye
added 2017/01/04 9:2 a.m., 114 views

FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...

7.2 CVSS, 7.7 AI score, 0.77331 EPSS
Exploits: 10
Packet Storm
added 2016/10/27 12:0 a.m., 20 views

uSQLite 1.0.0 Denial Of Service

!/usr/bin/python Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC Date: 27/10/1016 Exploit Author: Peter Baris Software Link: https://sourceforge.net/projects/usqlite/?source=directory Version: 1.0.0 Tested on: windows 7 and XP SP3 Longer strings will cause heap based...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2016/09/19 12:0 a.m., 33 views

openSUSE Security Update : perl (openSUSE-2016-1086)

This update for Perl fixes the following issues : - CVE-2016-6185: Xsloader looking at a 'eval' directory. bsc988311 - CVE-2016-1238: Searching current directory for optional modules. bsc987887 - CVE-2015-8853: Regular expression engine hanging on bad utf8. bsc - CVE-2016-2381: Environment dup...

7.8 CVSS, 6.6 AI score, 0.27444 EPSS
Exploits: 1, References: 10
OSV
added 2016/09/11 9:59 p.m., 1 views

UBUNTU-CVE-2016-3885

debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal b...

7.8 CVSS, 7.3 AI score, 0.00069 EPSS
Exploits: 0, References: 4
Hacker One
added 2016/09/07 11:47 p.m., 20 views

Yelp: Self-XSS via location cookie city field when getting suggestions for a new location

Hi, Only self-XSS, but thought I would report it anyway! I noticed the cookie "location" had some JSON in it, so I changed the city field to debugger, made sure it was encoded the same, then went to add a new location/change an existing location at https://www.yelp.com/profilelocation. Making sur...

6.1 AI score
Exploits: 0
Kitploit
added 2016/08/28 3:2 p.m., 24 views

HatDBG - Minimal WIN32 Debugger in Powershell

HatDBG is a pure PowerShell win32 debugging abstraction class. The goal of this project is to make a PowerShell debugger. It is intended to be used during internal penetration tests and red team engagements. This is exclusively for educational purposes. The debugger objects implementing a...

7.3 AI score
Exploits: 0, References: 1
GoogleProjectZero
added 2016/08/16 12:0 a.m., 41 views

A Shadow of our Former Self

Posted by James Forshaw of Google Project Zero “Necessity is the Mother of Invention” as it’s said, and this is no more true than when looking for and exploiting security vulnerabilities. When new exploit mitigations are introduced, either a way of bypassing the mitigation is needed or an...

7.8 CVSS, 6.7 AI score, 0.12622 EPSS
Exploits: 1
exploitpack
added 2016/07/11 12:0 a.m., 21 views

Adobe Flash - JXR Processing Double-Free

Adobe Flash - JXR Processing Double-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attacked JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to...

0.5 AI score
Exploits: 0
Exploit DB
added 2016/07/11 12:0 a.m., 43 views

Adobe Flash - JXR Processing Double-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attacked JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to reproduce, as the crash occurs when the playe...

7.4 AI score
Exploits: 0
0day.today
added 2016/07/08 12:0 a.m., 20 views

Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)

Exploit for windows platform in category dos / poc ''' + Credits: HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product:...

7 AI score
Exploits: 0
BDU FSTEC
added 2016/07/06 12:0 a.m., 3 views

The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality and integrity of protected information.

The vulnerability in the implementation of XrayWrapper in Mozilla Firefox and SeaMonkey allows malicious actors to bypass access restrictions by using a specially crafted web page, provided that the user visits it through a debugger. This enables operations such as unwrapping and calling DOM...

5.8 CVSS, 7.7 AI score, 0.007 EPSS
Exploits: 0, References: 3, Affected Software: 1