3106 matches found
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows:...
Microsoft Windows AppXsvc Deployment Extension Privilege Escalation
Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability...
FreeSWITCH - Event Socket Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...
WinPwn - Automation For Internal Windows Penetrationtest / AD-Security
In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal...
Malicious Package
malicious-npm-package is a malicious package. The package targets Windows system and runs a powershell command to download and execute a malicious script that is stored on a remote server...
SYS.2.2.3.A22
Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
Malicious Package
Overview All versions of malicious-npm-package contain malicious code. The malware targets Windows systems. It runs a powershell command that downloads an executable file from a remote server and runs it. Recommendation Any computer that has this package installed or running should be considered...
FreeSWITCH Event Socket Command Execution Exploit
This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...
Security Updates for Exchange (November 2019)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who...
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...
Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1
This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team DART use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utiliz...
CVE-2019-1373
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...
CVE-2019-1373
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...
Remote code execution
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...
CVE-2019-1373
CVE-2019-1373 is a remote code execution vulnerability in Microsoft Exchange Server caused by deserialization of metadata via PowerShell. The issue affects Exchange servers and can be exploited by an attacker who can run PowerShell cmdlets against the server; the exact required privileges are not...
CVE-2019-1373
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...
Microsoft Exchange Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user. Exploitation of this vulnerability requires that a use...
FUDForum 3.0.9 Code Execution / Cross Site Scripting
// Exploit Title : FUDForum 3.0.9 - Stored XSS / Remote Code Execution // Date : 10/26/19 // Exploit Author : liquidsky JMcPeters // Vulnerable Software : FUDForum 3.0.9 // Vendor Homepage : https://sourceforge.net/projects/fudforum/ // Version : 3.0.9 // Software Link :...
Adaudit - Powershell Script To Do Domain Auditing Automation
PowerShell Script to perform a quick AD audit | | \ | | | || | | | | | | | | | . | | | |||/ ||||||| by phillips321 If you have any decent powershell one liners that could be used in the script please let me know. I'm trying to keep this script as a single file with no requirements on external too...
Microsoft works with researchers to detect and protect against new RDP exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...