PT-2026-40614

Date: May 13, 2026 Status: ACTIVE GLOBAL EXPLOITATION / CORE INFRASTRUCTURE SHATTER Target: Microsoft Message Queuing MSMQ, all versions through Windows Server 2025 Severity: 9.8 MAXIMUM CRITICAL Unauthenticated Remote Code Execution 1. Analysis: Why "Queue-Shatter" is Today's Apex Threat While t...

Bypassing Administrator Protection by Abusing UI Access

Posted by James Forshaw In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses...

EUVD-2008-1477

Malware in sbrugna...

EUVD-2003-0898

Malware in sbrugna...

CVE-2025-20094

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege...

PT-2025-5804

Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: The issue is related to an unprotected Windows messaging channel, also known as 'Shatter'. This allows an attacker to send a specially crafted message to a specific...

PT-2025-5803

Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: The issue exists due to an unprotected Windows messaging channel, also known as 'Shatter'. If an attacker sends a specially crafted message to the specific process of th...

OracleVM 3.4 : xen (OVMSA-2019-0054)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=a3ec6768f487946b7316364bc9bd17ce4d752af5 - BUILDINFO: QEMU upstream...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (8)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (5)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (7)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

Team SHATTER Security Advisory: Elevated roles through DBCC

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Elevated roles through DBCC Risk Level: High Affected versions: Sybase ASE 15.0, 15.5, 15.7 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of Application...

Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets components)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Multiple SQL Injection in Oracle Enterprise Manager SQL Tunning Sets components. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Remote...

Oracle Enterprise Manager SQL injection Vulnerability

Exploit for jsp platform in category web applications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control...

Kaspersky Antivirus privilege escalation

Antivirus windows is vulnerable to shatter attack...

Command injection

The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...

CVE-2008-6827

The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...

PT-2009-2296 · Symantec +1 · Symantec Altiris Deployment Solution +1

Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions prior to 6.9.355 SP1 Description: The issue allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack. This attack targets the CommandLine parameter ...

Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit

// /Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit/ /grant DBA and create new OS user java/ // /exploit grant DBA to scott/ /and execute OS command "net user"/ /using java procedures / // /tested on oracle 10.1.0.5.0/ // // / Date of Public EXPLOIT: January 6, 2009 / / Written by: Alexand...