Windows Exploitation Techniques: Winning Race Conditions with Path Lookups

Posted by James Forshaw This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFOissue 13 as well as in the second volume of the printed version. In honor of our new blog we’re republishing it on this blog and...

EUVD-2016-4295

Malware in sbrugna...

EUVD-2016-6405

Malware in sbrugna...

EUVD-2004-1480

Malware in sbrugna...

EUVD-2015-2521

Malware in sbrugna...

EUVD-2014-0078

Malware in sbrugna...

CVE-2023-50915

An issue exists in GalaxyClientService.exe in GOG Galaxy Beta 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service...

CVE-2023-50915

CVE-2023-50915 affects GOG Galaxy (Beta) 2.0.67.2–2.0.71.2. The issue exists in GalaxyClientService.exe and could allow an authenticated user to overwrite and corrupt critical system files by abusing a combination of an NTFS Junction and an RPC Object Manager symbolic link, potentially leading to...

CVE-2023-50915

An issue exists in GalaxyClientService.exe in GOG Galaxy Beta 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service...

PT-2024-14007 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy Beta versions 2.0.67.2 through 2.0.71.2 Description: An issue exists in GalaxyClientService.exe that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC...

GHSA-QPHH-5FV5-2MJJ Plone is vulnerable to information exposure via the object manager implementation

The object manager implementation objectmanager.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request...

Plone is vulnerable to information exposure via the object manager implementation

The object manager implementation objectmanager.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request...

PT-2021-22486 · Apache · Apache Ozone

Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows authenticated users with valid Ozone S3 credentials to create specific OM requests, impersonating any other user. Recommendations: For versions prior to 1.2.0, update to versi...

CVE-2021-21866

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...

Code injection

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...

CVE-2020-25289

The CVE-2020-25289 entry describes a local file-write vulnerability in the Avast SecureLine VPN service (pre-5.6.4982.470). The issue arises from an Object Manager symbolic link in the log directory that has weak permissions, allowing local users to write to arbitrary files. Some sources corrobor...

CVE-2020-15401

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link...

CVE-2020-15401

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link...