9 matches found
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
Exploit for windows platform in category local exploits. The bug is in “MsiAdvertiseProduct”. Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read. The bug is in “MsiAdvertiseProduct”. Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done...
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
The bug is in “MsiAdvertiseProduct”. Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while impersonating, but using junctions there is still a TOCT...
Microsoft Data Sharing - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits. Microsoft Data Sharing - Local Privilege Escalation Exploit. Bug description: RpcDSSMoveFromSharedFilehandle,L"token",L"c:\blah1\pci.sys"; This function, exposed over ALPC, has an arbitrary delete vuln. Hitting the timing was pretty annoying...
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Bug description: RpcDSSMoveFromSharedFilehandle,L"token",L"c:\blah1\pci.sys"; This function, exposed over ALPC, has an arbitrary delete vuln. Hitting the timing was pretty annoying. But my PoC will keep rerunning until c:\windows\system32\drivers\pci.sys is deleted. I believe it's impossible to hit...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Exploit
Exploit for linux platform in category local exploits. Windows: Child Process Restriction Mitigation Bypass. Platform: Windows 10 1709 (not tested other versions). Class: Security Feature Bypass. Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass. Windows: Child Process Restriction Mitigation Bypass. Platform: Windows 10 1709 (not tested other versions). Class: Security Feature Bypass. Summary: It’s possible to bypass the child process restriction mitigation policy by...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Windows: Child Process Restriction Mitigation Bypass. Platform: Windows 10 1709 (not tested other versions). Class: Security Feature Bypass. Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...
openSUSE Security Update : samba (openSUSE-2016-399)
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso11648. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...