Vulnerability of application control tools: Application control in Windows Defender Application Control (WDAC), a PowerShell Core automation tool, allows attackers to bypass existing security mechanisms.

The vulnerability of the application control tool, Windows Defender Application Control WDAC, a PowerShell Core automation tool, is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security measures remotely...

HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

The vulnerability of the application control tool: Windows Defender Application Control (WDAC), a PowerShell Core automation tool that allows attackers to gain unauthorized access to protected information.

The vulnerability of the application control tool, Windows Defender Application Control WDAC, a PowerShell Core automation tool, is related to security configuration errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informati...

Vulnerability of .NET Core software, PowerShell Core automation tools, and Microsoft Visual Studio software, related to insufficient input data validation, allowing attackers to trigger service failures.

The vulnerability of the .NET Core runtime, the PowerShell Core automation tool, and the Microsoft Visual Studio software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

HFS (HTTP File Server) 2.3.x Remote Code Execution

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

Citrix Data Collection Tool - CDC

Pre-requisites PowerShell 4.0 and above .NET 4.0 and above Media FrameWork 5.0 and above PowerShell Execution policy set to RemoteSigned/Unrestricted/ByPass Task Scheduler should be enabled for the creation of tasks to be executed when triggers are defined. Administrator privileges Please note: Y...

Chimera - A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a shiny and ver y hack-ish PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up a...

The vulnerability of the PowerShell command line interface on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PowerShell command line interface on Windows operating systems is related to deficiencies in the validation of PowerShell script names. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted script...

ATTPwn - Tool Designed To Emulate Adversaries

ATTPwn is a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework. The goal is to simulate how a threat works in an intrusion scenario,...

Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability

...

PT-2021-2044 · Microsoft · Microsoft.Powershell.Utility +1

Name of the Vulnerable Software and Affected Versions: Microsoft.PowerShell.Utility Module affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing protection mechanisms. This security-feature bypass...

Microsoft PowerShell Utility Security Feature Issue Vulnerability

Microsoft PowerShell Utility is a utility module from Microsoft Corporation USA. The module includes many of the basic administrative commands for PowerShell. Microsoft PowerShell Utility is vulnerable to a security feature issue. The following products and editions are affected:Windows 10 Versio...

GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install them as below. Keep in mind it also instal...

PRTG Network Monitor Authenticated RCE

Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user. The module uses provided...

PRTG Network Monitor Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule "PRTG Network Monitor Authenticated RCE", 'Description' = %q Notifications can be created by an authenticate...

PRTG Network Monitor Remote Code Execution Exploit

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a...

(0Day) Microsoft Windows PowerShell Shell Handler Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the shell handle...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SignHere Introduction CVE-2017-11882 - The unique vulnerab...

PrivescCheck

This is a PoC exploit for Windows privilege escalation enumeration. The script, PrivescCheck, is designed to identify common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...

CVE-2021-21270

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is...