This exploit targets Sync Breeze Enterprise version 8.9.24. It allows an unauthenticated remote attacker to execute arbitrary code and gain NT AUTHORITY\SYSTEM privileges on the target system; no valid credentials are needed. The payload is 308 bytes.
This exploit targets Disk Pulse Enterprise 9.0.34 and gives an unauthenticated attacker NT AUTHORITY\SYSTEM privileges. Before use, the target IP address, the shellcode and the relevant byte values must be adjusted for the target. It has been tested on Windows 7 x86 Enterprise SP1.
This is an exploit for the Windows Animated Cursor stack overflow vulnerability. An attacker triggers it with a specially crafted animated cursor (.ani) file, which leads to arbitrary code execution; this exploit uses the flaw to run a reverse shell payload.
Windows Firewall Control installs a service whose executable path is not quoted, which is a potential privilege escalation vector. A local attacker who can write to one of the directories along that path can plant an executable that the Service Control Manager will run with the service's elevated privileges when the service restarts or the system reboots.
Netgear Genie installs a service called 'NETGEARGenieDaemon' with an unquoted service path that runs with SYSTEM privileges. This could allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
This exploit concerns the Microsoft GDI+ library, specifically its handling of .ICO files: an integer division-by-zero flaw that can cause a denial of service or potentially arbitrary code execution. The exploit is available at the provided link.
This module attempts to exploit a netfilter bug in Linux kernels before 4.6.3 and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: 1. ip_tables.ko (Ubuntu) or iptable_raw (Fedora) has to be loaded (root running iptables -L will do that); 2. libc6-dev-i386 (Ubuntu) or glibc-devel.i686 and libgcc.i686 (Fedora) needs to be installed so the exploit can be compiled. Kernel 4.4.0-31-generic and newer are not vulnerable. We write the ASCII files and compile on the target instead of locally, since metasm bombs for not having cdefs.h (even if it is installed locally).
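A precondition check for the module described above, written as an added example (it is not part of the module or of this page): it parses an Ubuntu kernel release string and classifies it by the rule the notes state (4.4.0-21-generic is the working target, 4.4.0-31-generic and newer are patched, everything else untested), and confirms from lsmod output that the required netfilter module is loaded. The uname -r value and lsmod output below are constructed samples, not captured from a real host.

```python
import re

# Constructed sample inputs standing in for `uname -r` and `lsmod` output on a
# candidate target; they are not captured from a real host.
SAMPLE_UNAME_R = "4.4.0-21-generic"
SAMPLE_LSMOD = """Module                  Size  Used by
iptable_filter         16384  1
ip_tables              28672  1 iptable_filter
x_tables               36864  2 iptable_filter,ip_tables
"""


def parse_ubuntu_kernel(release):
    """Split an Ubuntu kernel release such as '4.4.0-21-generic' into
    (major, minor, patch, abi, flavour). Returns None if it does not match."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)-(\w+)", release)
    if not m:
        return None
    return tuple(int(x) for x in m.groups()[:4]) + (m.group(5),)


def kernel_status(release):
    """Classify per the module notes: only 4.4.0-21-generic is the known
    working target, 4.4.0-31-generic and newer are patched, and anything else
    (other ABI numbers, other flavours, other base versions) is untested."""
    parsed = parse_ubuntu_kernel(release)
    if parsed is None:
        return "unparsed"
    major, minor, patch, abi, flavour = parsed
    if (major, minor, patch) != (4, 4, 0) or flavour != "generic":
        return "untested"
    if abi >= 31:
        return "not_vulnerable"
    if abi == 21:
        return "target"
    return "untested"


def loaded_modules(lsmod_output):
    """Return the set of module names from lsmod output (header line skipped)."""
    return {line.split()[0] for line in lsmod_output.splitlines()[1:] if line.strip()}


def preconditions(release, lsmod_output, distro="ubuntu"):
    """Combine the kernel check with the netfilter-module check; the module
    name differs between Ubuntu (ip_tables) and Fedora (iptable_raw)."""
    needed = "ip_tables" if distro == "ubuntu" else "iptable_raw"
    return {
        "kernel": kernel_status(release),
        "netfilter_module_loaded": needed in loaded_modules(lsmod_output),
    }


if __name__ == "__main__":
    print(preconditions(SAMPLE_UNAME_R, SAMPLE_LSMOD))
```

Kernels such as 4.4.0-28-generic fall between the two numbers the notes give and are reported as untested rather than vulnerable; the page does not say whether they work, so the check does not guess.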
The RegLoadAppKey API allows loading of user-specified hives without requiring administrator privileges. However, recursive enumeration can be used to enumerate loaded per-app hives, potentially leading to elevation of privilege (EoP). Immersive applications can read and write settings data belonging to other running applications because of an incorrect DACL on the settings hive.
This exploit affects the viewer ywcvwr.dll used with Yahoo Messenger; the latest version at the time of writing was tested. It leverages the bug fixed in the last post and allows an attacker to execute arbitrary code on the target system. Details of the exploit can be found at http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856.
AnyDesk installs as a service with an unquoted service path that runs with SYSTEM privileges. This could allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
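The three unquoted-service-path entries above (Windows Firewall Control, NETGEARGenieDaemon and AnyDesk) share one mechanism, so here is one added example covering all of them; it is not code from this page or from any of those vendors. When a service's ImagePath is unquoted and contains spaces, CreateProcess splits the string at each space and tries the prefixes in order (appending .exe where the prefix has no extension), so "C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe" is searched as C:\Program.exe, then C:\Program Files\NETGEAR.exe, and only then the real binary. The code below computes those hijack candidates for a set of ImagePath values, the directories an attacker would need write access to, and the quoted form that fixes the issue. The install directories for the three products are assumed for illustration (the page names the products, not their paths), and the whole sample set is constructed, not read from a live registry.

```python
import ntpath

# Constructed sample of service ImagePath values as they would be read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath or from
# Get-CimInstance Win32_Service. The directories for the three products
# named on the page are ASSUMED; only the product/service names come from it.
SAMPLE_SERVICES = {
    "NETGEARGenieDaemon": r"C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe",
    "AnyDesk": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service",
    "wfcs": r"C:\Program Files\Windows Firewall Control\wfcs.exe",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "SafeQuoted": r'"C:\Program Files\Vendor Tool\svc.exe" -run',
    "Dhcp": r"C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted",
}


def hijack_candidates(image_path):
    """Return the paths CreateProcess tries before the intended binary.

    With lpApplicationName NULL, an unquoted command line is split at each
    space and the prefixes are tried in order, with ".exe" appended when the
    prefix has no extension. Whoever can write one of those earlier paths
    gets code execution in the service's context. Quoted paths and paths
    without spaces yield no candidates; the first prefix ending in .exe is
    taken to be the real executable and later tokens are its arguments.
    """
    path = image_path.strip()
    if path.startswith('"') or " " not in path:
        return []
    tokens = path.split(" ")
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            break
        if "." not in prefix.rsplit("\\", 1)[-1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def directories_to_check(candidates):
    """Directories whose ACLs decide whether a candidate is plantable; a
    standard user cannot write C:\\ by default, but a vendor directory with a
    permissive installer ACL turns the path into a real escalation."""
    return sorted({ntpath.dirname(c) for c in candidates})


def quote_image_path(image_path):
    """The fix: wrap the executable portion in quotes (what you would set via
    sc config <svc> binPath= ...). Quoted or space-free paths are unchanged."""
    path = image_path.strip()
    if path.startswith('"') or " " not in path:
        return path
    tokens = path.split(" ")
    for i in range(1, len(tokens) + 1):
        exe = " ".join(tokens[:i])
        if exe.lower().endswith(".exe"):
            args = " ".join(tokens[i:])
            return f'"{exe}"' + (f" {args}" if args else "")
    return f'"{path}"'


def audit(services):
    """Map each service with an exploitable ImagePath to its candidates."""
    findings = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(name, candidates, directories_to_check(candidates))
        print("  fix:", quote_image_path(SAMPLE_SERVICES[name]))
```

On a real host the candidate list is only half the finding: each directory returned by directories_to_check still has to be tested for write access by a low-privileged user (icacls on Windows), and the service's start type and account decide whether the planted binary ever runs and as whom.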