Смотрите также связанные темы
08.02.2018 MS13-005 (win32k.sys) exploit POC
MS13-005 (win32k.sys) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. For more information, see the subsection, Affected and Non-Affected Software, in this section. include <windows.h> #include <stdio.h> int main() { nbsp; STARTUPINFO si = {0}; nbsp; PROCESS_INFORMATION pi = {0}; nbsp; PC...
27.08.2018 CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
16.10.2018 MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin)
Цель: Microsoft Windows XP/2003 Воздействие: Повышение привилегий
23.03.2018 CVE-2009-1046
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "an off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
10.03.2018 CVE-2009-0083
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
12.06.2018 CVE-2012-0217
The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability."
26.02.2018 Linux Kernel 3.x Privilege Escalation Exploit
#include <unistd.h> #include <sys/socket.h> #include <linux/netlink.h> #include <netinet/tcp.h> #include <errno.h> #include <linux/if.h> #include <linux/filter.h> #include <string.h> #include <stdio.h> #include <stdlib.h> #...
02.09.2018 Windows Vulnerabilities Prove a Popular Target for Cybercriminals in August
August saw a dramatic growth in malware targeting the Windows CVE-2010-2568 vulnerability according to Kaspersky Lab, who has just announced the publication of its Monthly Malware Statistics for August 2010
30.04.2018 Обход защиты от ROP в Windows 8
В Windows 8 было добавлено ряд нововведений, касающихся защиты от эксплоитов, включая защиту пользовательской кучи (userland heap) и кучи ядра (kernel heap), защиту от использования разыменований нулевого указателя в режиме ядра (kernel-mode) и защиту от неправильной эксплуатации таблиц указателей на виртуальные функции. Одно из нововведений связано с защитой от эксплоитов, использующих возвратно-ориентированное программирование (Return-oriented programming, ROP).
25.02.2018 CVE-2010-0705
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
|
