Tag

#microsoft

Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation

A use-after-free vulnerability exists in the NtGdiResetDC() function of Win32k, which an attacker can leverage to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists because this function calls hdcOpenDCW(), which performs a user mode callback. During this callback, attackers can call the NtGdiResetDC() function again with the same handle as before, which will result in the PDC object that is referenced by this handle being freed. The attacker can then replace the memory referenced by the handle with their own object, before passing execution back to the original NtGdiResetDC() call, which will now use the attacker's object without appropriate validation. This can then allow the attacker to manipulate the state of the kernel and, together with additional exploitation techniques, gain code execution as NT AUTHORITY\SYSTEM. This Metasploit module has been tested to work on Windows 10 x64 RS1 (build 14393) and RS5 (build 17763), however previous version...

Packet Storm
Microsoft OMI Management Interface Authentication Bypass

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th 2021).

Dolibarr ERP / CRM 13.0.2 Remote Code Execution

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.

AIoTS 4th Annual Workshop Call For Papers

The call for papers has been announced for the 4th international workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS). It will be co-located with the ACNS2022 conference June 20 through the 23rd in Rome, Italy.

Employee Daily Task Management System 1.0 Cross Site Scripting

Employee Daily Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2021-4593-04

Red Hat Security Advisory 2021-4593-04 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Red Hat Security Advisory 2021-4589-03

Red Hat Security Advisory 2021-4589-03 - Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.