
Explore Vulnerabilities

Explore all Exploits:

Cisco AnyConnect elevation of privileges via DMG install script – proof of concept

This proof of concept exploit is based on a vulnerability in the Cisco AnyConnect Secure Mobility Client. The vulnerability allows an attacker to elevate privileges by exploiting the install-dmg.sh script. The exploit creates a malicious DMG file and executes it with elevated privileges.

Refbase <= 0.9.6 rss.php where parameter SQL Injection

Refbase v0.9.6 and earlier versions have an SQL injection vulnerability because of insufficient validation of user-supplied input before it is passed to the database. The GET parameter 'where' is vulnerable to SQL injection: although it is filtered by a custom function called extractWHEREclause(), the filter can still be bypassed to inject other queries.

Cisco AnyConnect Secure Mobility Client v3.1.08009 Elevation of Privilege

The fix for CVE-2015-4211 is insufficient, which allows a local application to elevate to local system through the CMainThread::launchDownloader command. The downloader loads many DLLs from the executable directory first, so by copying the vpndownloader.exe file from Program Files to a temporary directory and dropping an appropriately named DLL one can get code execution as SYSTEM. Even if by luck the executable were not vulnerable to DLL planting, there are many other potential issues; for example, even though a lock is taken on the executable file during signature verification, it is possible to use symbolic links to exploit this as a race condition and switch the executable file after verification has completed.

ThinApp Container Parsing Stack Buffer Overflow

A remotely exploitable stack buffer overflow vulnerability exists in ThinApp container parsing. Kaspersky Antivirus (version 15 and 16) and other products using the Kaspersky Engine (such as ZoneAlarm) are affected. A proof of concept exploit is available at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38287.zip

Integer Overflow in Packed Executables

A vulnerability was discovered in packed executables due to an integer overflow. The vulnerability occurs when an attacker is able to control the value of the index variable, which is then added to the base variable and a constant value of 0x400. If the bounds check fails, the attacker can read a byte from an arbitrary memory location.

Fuzzing packed executables

A vulnerability was discovered in packed executables which could be used as an information leak as part of another bug. The vulnerability was found when the ExeCryptor unpacker was being used. The code was searching for a jmp opcode and trying to pull out the branch target, but was jumping to the wrong place.

Multiple Pool Buffer Overflows in NtGdiStretchBlt System Call

Multiple pool buffer overflows can be triggered through the NtGdiStretchBlt system call. The attached PoC demonstrates a write overflow and a separate read overflow issue which is likely to be usable for memory leaks (enabled by uncommenting the first NtGdiStretchBlt call).
