CVE-2020-10867

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled...

CVE-2020-10868

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to launch the Repair App RPC call from a Low Integrity process...

CVE-2020-10864

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to trigger a reboot via RPC from a Low Integrity process...

Code injection

When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6, and Firefox ESR...

Win2016LPE

Win2016LPE Windows10 & Windows Server 2016 LPE Exploit 利用 schedsvc!SchRpcSetSecurity 漏洞 目录说明 bin-x86 为支持Win10 x86系统的Bin bin-x64 为支持Win10 x64 、 Win2016系统的Bin Win2016LPE 为提权主程序 ALPC-TaskSched-LPE 漏洞利用DLL ExpDLL exploit dll 编译生成之后放置于ALPC-TaskSched-LPE\resource目录 更新历史 2018-09-28...

kafka: Connect REST API exposes plaintext secrets in tasks endpoint

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

[SECURITY] Fedora 32 Update: ansible-2.9.6-1.fc32

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

PYSEC-2020-10

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branch...

[SECURITY] Fedora 31 Update: ansible-2.9.6-1.fc31

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Moderate: Red Hat Bug Fix Advisory: Ansible 2.9.6 release for Ansible Engine 2.9

Ansible 2.9.6 release for Ansible Engine 2.9 Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in...

Privilege-Escalation-Tater

It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not present in the provided context, but it is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector...

Security Bulletin: Privilege escalation vulnerability affects IBM® Db2® Administrative Task Scheduler (CVE-2018-1711).

Summary Db2 Administrative Task Scheduler ATS is vulnerable to a privilege escalation attack. A user with appropriate authorization can modify the contents of the control tables used by the ATS to permit unauthorized access to user data. Unauthorized access includes both access to authorizations...

Task Scheduler S4U Logon Elevation of Privilege

The windows task scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...

Free Download: The Ultimate Security Pros' Checklist

You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But it's a lot to hold in one's mind, so to make your lif...

TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager

Simple way to disable/rename buttons from a task manager. Installation git clone https://github.com/Mrakovic-ORG/TaskManager-Button-Disabler cd TaskManager-Button-Disabler\TaskManager Button Disabler dotnet build Features Rename kill proccess button Disable kill proccess button Works in TaskMgr,...

CVE-2020-0697

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specif...

Microsoft Office Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a...

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to privilege escalation. The vulnerability exists as nomad improperly invokes the rawexec driver even if it was disabled on the client, allowing an authorized user to run a task with higher privileges...

Project-Black - Pentest/BugBounty Progress Control With Scanning Modules

Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for? The tools encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information. It can launch masscan nmap dirsearch amass patator...