15 matches found
CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege
Improper Privilege Control in RazerCentralService Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...
Missing Authorization in Jenkins WMI Windows Agents plugin
WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it. This library has a buffer overflow vulnerability that may allow user...
MultiPotato - Another Potato to get SYSTEM via SeImpersonate privileges
First of all - credit to @splintercode & @decoderit for RoguePotato, as this code is heavily based on it. This is just another Potato to get SYSTEM via SeImpersonate privileges. But this one is different in that it doesn't contain any SYSTEM auth trigger for weaponization. Instead the code can be...
Winshark - A Wireshark Plugin To Instrument ETW
Wireshark plugin to work with Event Tracing for Windows. Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25 2019. Wireshark has built a huge library of network protocol dissectors. The best tool for Windows would be one that...
RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0
RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based on shellcode generated with DonutCS. It is therefore a hybrid, although developed in .Net it does not rely solely on the Assembly.Load. This increases the detection surface, but...
SRC-2018-0026 : Docker dockerBackend HandleRequestAsync Deserialization of Untrusted Data Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Docker for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion...
FortiClient privilege escalation vulnerability
A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability...
CVE-2016-8493
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=589 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 Platform: Windows 8.1, not tested any other OS...
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)
Source: https://code.google.com/p/google-security-research/issues/detail?id=486 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Platform: Windows 10 build 10240, earlier versions do not have the functionality Class: Security Feature Bypass Summary: A mitigation added to Windows ...
KLA10122 SB vulnerability in Comodo Firewall Pro
An unspecified vulnerability was found in Comodo Firewall Pro. By exploiting this vulnerability malicious users can bypass the driver protection for registry keys. This vulnerability can be exploited locally at a point related to OLE NamedPipe. Original advisories - Related products...