EUVD-2008-5072

Malware in sbrugna...

Windows IIS HTTP Protocol Stack Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...

Exploit for CVE-2022-21907

CVE-2022-21907 Vulnerability in HTTP Protocol Stack Enabling R...

Microsoft Windows Multiple Vulnerabilities (KB5023706)

This host is missing an important security update according to Microsoft KB5023706 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Exploit

Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the companys hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months. Two of th...

CVE-2023-23392

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVE-2023-23392

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVE-2023-23392

CVE-2023-23392 is a remotely exploitable security flaw in the Windows HTTP Protocol Stack that enables remote code execution when HTTP/3 with buffered I/O is enabled. Multiple connected sources confirm affected products as Windows 11 and Windows Server 2022, with successful exploitation possible ...

CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability

...

KLA48553 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions. Below is a complete list of...

Exploit for CVE-2022-21907

CVE-2022-21907 Golang Application by 1vere$k CVE-2022-21907 -...

Exploit for CVE-2022-21907

CVE-2022-21907 A REAL DoS exploit for CVE-2022-21907 It supp...

Windows IIS HTTP Protocol Stack DOS

This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...

Exploit for CVE-2022-21907

CVE-2022-21907 - Double Free in http.sys driver !./.github...

Exploit for CVE-2022-21907

This is a PoC exploit for CVE-2022-21907, a HTTP Protocol Stack...

Microsoft Patch Tuesday January 2022

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2022. Traditionally, I will use my open source Vulristics tool for analysis. This time I didnt make any changes to how connectors work. The report generation worked correctly on the first try. python3.8 vulristics.py...

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft has fixed 97 vulnerabilities, with nine classified as Critical and 88 as Important and among them 6 zero-days. Following are the type of security vulnerabilities reported in multiple Microsoft products: 41 Elevation...

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated...