53 matches found
Windows Escalate UAC Execute RunAs Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Windows Escalate UAC Execute RunAs
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
CVE-2021-25631 affects LibreOffice 7-1 (before 7.1.2) and 7-0 (before 7.0.5). The issue allows bypassing the denylist by manipulating a link so it no longer matches the denylist but triggers ShellExecute to launch an executable type, enabling arbitrary code execution under Windows. Affected produ...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
ezEmu - Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...
TrendMicro Password Manager node.js Unsafe API Calls
When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30...
Intel Processor Identification Utility 6.0.0211 Privilege Escalation
Hi @ll, Intel® Processor Identification Utility - Windows Version, version 6.0.0211 from 2019-02-11, available from via , and earlier versions 6.0. are vulnerable: in default installations of all supported versions of Windows really: Windows Vista and later, they allows arbitrary code execution...
Intel Processor Identification Utility 6.0.0211 Privilege Escalation Vulnerability
Intel® Processor Identification Utility - Windows Version, version 6.0.0211 from 2019-02-11, available from via , and earlier versions 6.0. are vulnerable: in default installations of all supported versions of Windows really: Windows Vista and later, they allows arbitrary code execution WITH...
Microsoft Windows x64 – Privilege Escalation (UAC Protection Bypass printui.exe) Exploit
include include include include "resource.h" include include include define err -1 define dis 0 define def 1 define max 2 define BUFFER 8192 int CheckUac int ConsentAdmin; int EnableLua; DWORD BufferSize = BUFFER; RegGetValueHKEYLOCALMACHINE,...
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...
EA Origin < 10.5.38 - Remote Code Execution Vulnerability
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
EA Origin 10.5.38 - Remote Code Execution
EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...
EA Origin Remote Code Execution
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...