87 matches found
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
EUVD-2005-1048
Malware in sbrugna...
EUVD-2021-12527
Malware in sbrugna...
Windows Escalate UAC Execute RunAs Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Windows Escalate UAC Execute RunAs
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
SUSE CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
CVE-2021-25631 affects LibreOffice 7-1 (before 7.1.2) and 7-0 (before 7.0.5). The issue allows bypassing the denylist by manipulating a link so it no longer matches the denylist but triggers ShellExecute to launch an executable type, enabling arbitrary code execution under Windows. Affected produ...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
ezEmu - Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...
.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help
A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the users’ default browser. This...
TrendMicro Password Manager node.js Unsafe API Calls
When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30...
Intel Processor Identification Utility 6.0.0211 Privilege Escalation Vulnerability
Intel® Processor Identification Utility - Windows Version, version 6.0.0211 from 2019-02-11, available from via , and earlier versions 6.0. are vulnerable: in default installations of all supported versions of Windows really: Windows Vista and later, they allows arbitrary code execution WITH...
Intel Processor Identification Utility 6.0.0211 Privilege Escalation
Hi @ll, Intel® Processor Identification Utility - Windows Version, version 6.0.0211 from 2019-02-11, available from via , and earlier versions 6.0. are vulnerable: in default installations of all supported versions of Windows really: Windows Vista and later, they allows arbitrary code execution...
Microsoft Windows x64 – Privilege Escalation (UAC Protection Bypass printui.exe) Exploit
include include include include "resource.h" include include include define err -1 define dis 0 define def 1 define max 2 define BUFFER 8192 int CheckUac int ConsentAdmin; int EnableLua; DWORD BufferSize = BUFFER; RegGetValueHKEYLOCALMACHINE,...