Qualys Security Advisory - Qmail Remote Code Execution
Qualys Security Advisory: 15 years later: Remote Code Execution in qmail (CVE-2005-1513). Contents: Summary; Analysis; Exploitation; qmail-verify - CVE-2020-38...
ALPINE-CVE-2020-0093
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0...
CVE-2020-12463
Avira Software Updater prior to 2.0.6.27476 is affected by an elevation of privilege due to improper handling of file hard links. This allows local users to take control of arbitrary files. CVSSv3.1 base score 7.8 (LOCAL, HIGH impact on confidentiality/integrity/availability); no exploit details ...
ALLPlayer 7.6 Buffer Overflow
Exploit Title: ALLPlayer v7.6 Local Buffer Overflow (SEH Unicode). Version: 7.6. Date: 20-04-2020. Exploit Author: Xenofon Vassilakopoulos. Tested on: Windows 7 Home Premium SP1 x86. Steps to reproduce: 1. generate the test.m3u using this exploit; 2. open ALLPlayer then go to Open audio file; 3. load the...
Denial Of Service (DoS)
The kernel is vulnerable to Denial of Service (DoS). The attack is possible because a NULL pointer dereference flaw in ftrace_regex_lseek in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: the debugfs file system must be mounted...
CVE-2020-1885
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file...
Microsoft Server Message Block 3.1.1 (SMBv3) Compression Buffer Overflow Exploit
A vulnerability exists within the Microsoft Server Message Block 3.1.1 SMBv3 protocol that can be leveraged to execute code on a vulnerable server. This local exploit implementation leverages this flaw to elevate itself before injecting a payload into winlogon.exe. This module requires Metasploit...
CVE-2020-0505
CVE-2020-0505 is an Intel Graphics Drivers vulnerability involving an improper conditions check. Affected versions are those before 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212. Exploitation could allow an authenticated local user to cause information disclosure an...
CVE-2020-0069
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
MGASA-2020-0076 Updated mgetty packages fix security vulnerability
Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user has to open a specially crafted file. CVE-2019-1010189...
CVE-2014-7302
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx...
CVE-2014-7302
The CVE-2014-7302 entry concerns SGI Tempo on SGI ICE-X systems where the /opt/sgi/sgimc/bin/vx binary has insecure SUID root permissions (example: -rwsr-sr-x 1 root root). This allows low-privileged local users to escalate to root by executing vx and applying its permission-changing capabilities...
CVE-2018-1000876
binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump (bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be...
CVE-2019-2228
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0187)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected by multiple vulnerabilities: - An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangli...
CVE-2019-0061
The management daemon MGD is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a...
CVE-2019-9373
In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID:...
Information disclosure
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed f...
Microsoft Windows 10 UAC Protection Bypass Via Windows Store
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe)', 'Description' => %q{ This module exploits a flaw in the WSReset.exe Windows Store...