Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations

Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is going to be the next step within an operation. Collecting and analysing data of running processes from compromised systems gives us a wealth of information and helps us to...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as /proc/PID/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the AGPGART driver. The agpgenericallocpage and agpgenericallocpages functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...

Avira Operations Free Antivirus Code Injection Vulnerability

Avira Operations Free Antivirus is a suite of antivirus programs from Avira Operations. A security vulnerability exists in Avira Operations Free Antivirus versions prior to 15.0.2004.1825, which stems from a self-protection feature that does not prohibit write operations by external processes. Th...

Update Rollup 6 for System Center 2012 R2 Operations Manager

Update Rollup 6 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Operations Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for System...

CVE-2017-18671

An issue was discovered on Samsung mobile devices with L5.0/5.1, M6.0, and N7.x software. Intents related to Wi-Fi have incorrect exception handling, leading to a crash of system processes. The Samsung ID is SVE-2017-8389 May 2017...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-811...

CVE-2017-18659

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 July 2017...

CVE-2017-18671

The CVE affects Samsung mobile devices running Android L/M/N. Root cause: Wi‑Fi related intents with incorrect exception handling. Consequence: crash of system processes. No exploitation details are provided in the documents. Samsung lists a security update reference (SVE-2017-8389) as context fo...

kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception

A flaw in the Linux kernel on the PowerPC platform, was found where a local user can read vector registers of other user processes via a Facility Unavailable exception. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupte...

CVE-2020-11587

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...

CVE-2020-11587

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...

CVE-2020-11587

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...

CVE-2020-11587

CVE-2020-11587 affects CIPPlanner CIPAce 9.1 Build 2019092801, where an unauthenticated attacker can issue an API request and read the contents of ETL Processes running on the server. The connected records consistently describe this exposure but do not provide a vendor-provided fix or version-spe...

The vulnerability of the apport operating system’s error registration service, related to deficiencies in access control, allows a malicious actor to create a publicly accessible report of the software bug for privileged processes.

The vulnerability of the apport system’s error reporting service in the Ubuntu operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to create a publicly accessible report of the software bug for privileged processes...

Windows Unquoted Service Path Privilege Escalation

This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...