Lucene search
K

137 matches found

exploitpack
exploitpack
added 2019/12/03 12:0 a.m.27 views

ComputerDefaults

Auto-Elevate process using ComputerDefaults.exe Author: jsacco How to use: 1. Copy the batch into run.bat 2. Run it! 3. Admin Tested on Windows 10 @echo off echo UAC-Bypass by jsacco reg add "HKCU\Software\Classes\ms-settings\shell\open\command" /d "cmd.exe /c" /f && reg add...

1.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/26 11:59 a.m.138 views

CB TAU Threat Intelligence Notification: Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself

Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have been often delivered by exploit kits and weaponized documents delivered via context-aware phishing campaigns. Qbot has also been suspected of delivering MegaCortex ransomware. Many...

1.1AI score
Exploits0
myhack58
myhack58
added 2019/08/12 12:0 a.m.52 views

Steam 0 day vulnerability affects 1 billion users-vulnerability warning-the black bar safety net

! The Steam platform is currently the most popular game platform steam has over 1 million registered users, with millions of users simultaneously participate in the game. Researchers in the Steam games Windows the client found a 0-day privilege escalation vulnerability, exploit the vulnerability...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/06/17 12:0 a.m.206 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit

Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/14 9:58 a.m.142 views

Threat Roundup for June 7 to June 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 07 and June 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.9AI score
Exploits0
exploitpack
exploitpack
added 2019/03/25 12:0 a.m.49 views

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/13 8:23 a.m.16 views

Threat Roundup for July 6-13

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed ...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.56 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via Slui File Handler Hijack', 'Description' =...

7AI score
Exploits0
Metasploit
Metasploit
added 2018/03/28 6:44 p.m.62 views

Windows UAC Protection Bypass (Via Slui File Handler Hijack)

This module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary .exe application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler...

7AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/03/13 7:0 a.m.67 views

Description of the security update for the Windows Kernel vulnerabilities in Windows Server 2008: March 13, 2018

Description of the security update for the Windows Kernel vulnerabilities in Windows Server 2008: March 13, 2018 Summary An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout...

4.7CVSS5AI score0.02866EPSS
Exploits14
0day.today
0day.today
added 2017/10/18 12:0 a.m.94 views

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy chec...

7.2CVSS8.3AI score0.02556EPSS
Exploits3
exploitpack
exploitpack
added 2017/10/17 12:0 a.m.22 views

Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass

Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy che...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/10/17 12:0 a.m.50 views

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy check for COM Class instantiation can be bypassed in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.53 views

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution

Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. McAfee...

5.9CVSS6.2AI score0.03176EPSS
Exploits2
exploitpack
exploitpack
added 2017/09/07 12:0 a.m.66 views

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modi...

4.3CVSS0.9AI score0.03176EPSS
Exploits2
Metasploit
Metasploit
added 2017/05/22 4:25 p.m.467 views

Windows UAC Protection Bypass (Via FodHelper Registry Key)

This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This module...

7AI score
Exploits0
Citrix
Citrix
added 2017/05/22 12:0 a.m.7 views

How to Add Receiver Store Using Registry

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article explains how to add Receiver store using registry...

7.1AI score
Exploits0
Prion
Prion
added 2017/03/21 4:59 p.m.26 views

Code injection

Code injection vulnerability in Bitdefender Total Security 12.0 and earlier, Internet Security 12.0 and earlier, and Antivirus Plus 12.0 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a...

7.2CVSS6.5AI score0.00752EPSS
Exploits0References3Affected Software3
Citrix
Citrix
added 2016/09/22 12:0 a.m.8 views

Can The Receiver Store Be Disabled In The Storefront Server To Prevent Users From Adding Storefront Sites Manually To The Receiver Client?

Question: Is it possible to prevent users from adding the Storefront Store to Native Receiver via Storefront settings? Answer: You are unable to disable this from the Storefront server. It needs to be configured on the client machine via the registry: Set the AllowAddStore parameter to N under...

7AI score
Exploits0
myhack58
myhack58
added 2016/06/15 12:0 a.m.197 views

Domain penetration--Dump Clear-Text Password after KB2871997 installed-vulnerability warning-the black bar safety net

In penetration testing, the penetration tester will typically use mimikatz from the LSA of the memory to export system's plaintext password, while experienced administrators will often choose to install the patch kb2871997 to limit this behavior. This one relates to what are the interesting...

0.1AI score
Exploits0
Rows per page
Query Builder