From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (apache2ctl graceful). In standard Linux configurations, the logrotate utility runs this command once a day, at 6:25AM, in order to reset log file handles
https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html
The vulnerability affects mod_prefork, mod_worker and mod_event. The following bug description, code walkthrough and exploit target mod_prefork
#exploit #vulnerability #apache
https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html
The vulnerability affects mod_prefork, mod_worker and mod_event. The following bug description, code walkthrough and exploit target mod_prefork
#exploit #vulnerability #apache
Analysis of CVE-2019-0708 (BlueKeep)
I held back this write-up until a proof of concept (PoC) was publicly available, as not to cause any harm. Now that there are multiple denial-of-service PoC on github, I’m posting my analysis.
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
#vulnerability #rdp #windows
I held back this write-up until a proof of concept (PoC) was publicly available, as not to cause any harm. Now that there are multiple denial-of-service PoC on github, I’m posting my analysis.
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
#vulnerability #rdp #windows
Malwaretech
Analysis of CVE-2019-0708 (BlueKeep) – MalwareTech
I held back this write-up until a proof of concept (PoC) was publicly available, as not to cause any harm. Now that there are multiple denial-of-service PoC on github, I’m posting my analysis.
Resource: Exploit Development Tutorials and Guides
I found this list in one of my documents and i decided to share it with you. I am looking for the reference of it since i forgot if i collected them by my self or i pasted them from a source. If i find a reference i will add it to this post.
https://www.peerlyst.com/posts/resource-exploit-development-tutorials-and-guides-chiheb-chebbi
#exploitation #vulnerability
I found this list in one of my documents and i decided to share it with you. I am looking for the reference of it since i forgot if i collected them by my self or i pasted them from a source. If i find a reference i will add it to this post.
https://www.peerlyst.com/posts/resource-exploit-development-tutorials-and-guides-chiheb-chebbi
#exploitation #vulnerability
CVE-2019-0752 (vbscript exploit)
Pop up a calculator - tested on non updated Internet Explorer 11 Windows 7-10 (a bit slow on win10)
https://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript
#windows #exploit #vulnerability
Pop up a calculator - tested on non updated Internet Explorer 11 Windows 7-10 (a bit slow on win10)
https://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript
#windows #exploit #vulnerability
GitHub
Windows-RCE-exploits/Web/VBScript at master · smgorelik/Windows-RCE-exploits
The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue tea...
Case Study of JavaScript Engine Vulnerabilities
A collection of JavaScript engine CVEs with PoCs
https://github.com/tunz/js-vuln-db
#vulnerability #bugs #javascript #exploitation #poc
A collection of JavaScript engine CVEs with PoCs
https://github.com/tunz/js-vuln-db
#vulnerability #bugs #javascript #exploitation #poc
GitHub
GitHub - tunz/js-vuln-db: A collection of JavaScript engine CVEs with PoCs
A collection of JavaScript engine CVEs with PoCs. Contribute to tunz/js-vuln-db development by creating an account on GitHub.
CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins
Two weeks ago I saw on GitHub a nice repository about pentesting Jenkins. I downloaded the latest alpine LTS build from Docker Hub and I started to play with it, ending up finding an authenticated Remote Command Execution by having an user with the Job\Configure (USE_ITEM) privilege.
https://iwantmore.pizza/posts/cve-2019-10392.html
#jenkins #rce #vulnerability
Two weeks ago I saw on GitHub a nice repository about pentesting Jenkins. I downloaded the latest alpine LTS build from Docker Hub and I started to play with it, ending up finding an authenticated Remote Command Execution by having an user with the Job\Configure (USE_ITEM) privilege.
https://iwantmore.pizza/posts/cve-2019-10392.html
#jenkins #rce #vulnerability
Oh, so you have an antivirus… name every bug
In this blog I will be disclosing about 8 0-day vulnerability and all of them are still unknow to the vendors, don’t expect those bugs to be working for more than a week or two cause probably they will release an emergency security patches to fix those bugs.
https://halove23.blogspot.com/2020/12/oh-so-you-have-antivirus-nameevery-bug.html
#windows #lpe #av #vulnerability
In this blog I will be disclosing about 8 0-day vulnerability and all of them are still unknow to the vendors, don’t expect those bugs to be working for more than a week or two cause probably they will release an emergency security patches to fix those bugs.
https://halove23.blogspot.com/2020/12/oh-so-you-have-antivirus-nameevery-bug.html
#windows #lpe #av #vulnerability