925 matches found
PrivEsc in Lenovo Vantage. Two minutes later
TL;DR The latest and greatest Lenovo Vantage software which ships with the most recent Lenovo devices is affected by a privilege escalation vulnerability. Whilst Vantage has been released since circa 2016, the software replaced Lenovo Solutions Centre (LSC) as the recommended platform management an...
VMWare Fusion - Local Privilege Escalation
VMWare Fusion - Local Privilege Escalation Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusi...
Input validation
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation...
CVE-2020-6191
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation...
Linux: Hidden executables
Malicious programs, code, and scripts usually start with a dot (.) to hide themselves. Note: This script dramatically increases the scan duration. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective rig...
Persistence – Image File Execution Options Injection
Image File Execution Options is a Windows registry key which enables developers to attach a debugger to an application and to enable "GlobalFlag" for application debugging. This behavior of Windows opens the door for persistence since an arbitrary executable can be used as a debugger of a specifi...
PT-2019-16066 · Upx Team +1 · Upx +1
Name of the Vulnerable Software and Affected Versions: UPX version 3.95 Description: A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp, causing an application crash that leads to denial of service. Recommendations: For UPX version 3.95, consider updating to a new...
ScanGuard Antivirus Insecure Permissions
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCANGUARD-ANTIVIRUS-INSECURE-PERMISSIONS.txt + ISR: ApparitionSec Vendor https://www.scanguard.com Product ScanGuard Antivirus ScanGuardSetup.exe Hash: 1a63c67a249da0c2e9abd09d35c3c65d...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it...
ALPINE-CVE-2019-1789
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking...
Default configuration
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...
CVE-2019-3980
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...
The story of Adobe Reader symbols
Posted by Mateusz Jurczyk, Project Zero Modern day security analysis of client applications is often hindered by the inaccessibility of their source code and other aids such as debug symbols. As a result, it is necessary to perform completely black-box reverse engineering of the software, in orde...
The vulnerability of the Image Verification function in the Cisco IOS XE operating system allows a perpetrator to install malware onto a vulnerable device or upload malicious executable files.
The vulnerability of the Image Verification function in the Cisco IOS XE operating system is related to the lack of verification of file signatures during the system’s loading process. Exploiting this vulnerability allows a perpetrator to install malware onto a vulnerable device or load malicious...
Command injection
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...
UBUNTU-CVE-2019-16718
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...
Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables
metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software...
The vulnerability of the Smart Tunnel component of the firmware for Cisco Adaptive Security Appliance allows an attacker to load a malicious executable file.
The vulnerability of the Smart Tunnel component of the Cisco Adaptive Security Appliance firewall firmware is related to the lack of checks for the integrity of system files. Exploiting this vulnerability could allow an attacker to load a malicious executable file...
UBUNTU-CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
PT-2019-13812 · Radare2 +1 · Radare2 +1
Name of the Vulnerable Software and Affected Versions: radare2 versions prior to 3.7.0 Description: A command injection issue exists due to improper handling of symbol names embedded in executables. This allows for the execution of arbitrary shell commands with the permissions of the victim by...