Brave Software: links the user may download can be a malicious files

Hi, Summary: This vulnerability is pretty simple and pretty dangerous at the same time Almost any link the user tries to download it's extension is set according to the file extension in the path if the path is / then it download's it according to the domain name Eg: 1...

Git for Windows Untrusted Search Path Vulnerability

Git for Windows is a free, open source distributed version control system based on Windows developed by American software developer Linus Torvalds Linus Torvalds. An untrustworthy search path vulnerability exists in version 1.x of Git for Windows. This vulnerability can be exploited by a local...

Microsoft Windows AHCACHE.SYS Denial of Service (MS16-110: CVE-2016-3369)

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an...

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

Samsung SW Update Service Privilege Escalation

Exploit Title: Samsung SW Update Service Unquoted Service Path Privilege Escalation Date: 04/10/2016 Author: Yunus YILDIRIM Th3GundY Team: CT-Zer0 @CRYPTTECH && Superbug @xsuperbug Website: http://yildirimyunus.com Contact: [email protected] Category: local Vendor Homepage:...

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3343)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to improper handling of objects in memory. The attacker must entice the victim to run an executable file to exploit this vulnerability...

Microsoft Windows CLFS Elevation of Privilege (MS16-134: CVE-2016-0026)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...

Microsoft Windows CLFS Elevation of Privilege (MS16-134: CVE-2016-7184)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...

Solaris 8/9 passwd(1) - circ() Stack-Based Buffer Overflow Privilege Escalation Exploit

Exploit for linux platform in category local exploits / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability in passwd1 in Solaris 8.0 and 9.0 allows local users to gain privileges via...

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7226)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7225)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

Microsoft Windows Driver CLFS Elevation Of Privilege (MS16-134: CVE-2016-3332)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...

Moodle Arbitrary File Upload Vulnerability (CNVD-2016-10744)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. An arbitrary file upload vulnerability exists in the dual extension support in the ima...

CVE-2016-9186

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...

Unrestricted file upload

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...

Unrestricted file upload

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...

NVIDIA GeForce Experience Stack Buffer Overflow Vulnerability

NVIDIA GeForce Experience is a suite of automatic graphics card update tools from NVIDIA. A stack buffer overflow vulnerability exists in NVIDIA GeForce Experience. An attacker can exploit this vulnerability with an executable path to cause a denial of service or elevation of privilege...

NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027

NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=937 The DxgkDdiEscape handler for 0x5000027 accepts a user provided pointer, but does no checks on it before using it. ... DWORD userptr = escape5000027data-userpt...

NO-IP DUC v4.1.1 Unquoted Service Path Privilege Escalation Exploit

Exploit Title : NO-IPprivilegescalation.rb - 'Unquoted Service Path Privilege Escalation' PDF Version : 4.1.1 vuln Discover : Ehsan Hosseini Module Author : pedr0 Ubuntu r00t-3xp10it Tested on : Windows 7 Professional Software Link : http://www.noip.com/client/DUCSetupv411.exe DESCRIPTION NO-IP D...