GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.
b8273beeca3962657f6a9b1d3bfeafcc468090839b20a36ae8bb674024aa42cepgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
32edf47bda897a0471a7ffbf6db742832e71820e9d55f2a6b95b5e7a897a6cc8The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.
371f9505662bb6a768bb624f24a62e46fef4ad9feab889c6189fe75092e31989Trojan.Win32.Razy.abc malware suffers from an insecure permissions vulnerability.
f42f962b787317ec42e0f8896a6024f38f8e96776bcebf7c0600a7ee39d21c1fSUPERAntiSpyware Professional X versions 10.0.1264 and below suffer from a privilege escalation vulnerability via dll hijacking.
51e69d31c1c8fb597a06f072d218ce2b5cab6a6aa62de2abc66818247fc4d320Microsoft Windows version 10.0.17763.5458 kernel IOCTL privilege escalation exploit.
8707efbb61bde9a6bad7e9f41e2e2aa406ec325770b5e4cf2822308facf677cbWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0cWin32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49aRed Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.
540b7b318053beca6c43ca6421f58215e773d779e7565d7f8f9ce37a4534795fRed Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
deeb75081668151356b5819e0c3c816565bd06d4cde4092321e55c63446fff67This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.
9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355bBackdoor.Win32.Emegrab.b malware suffers from a buffer overflow vulnerability.
c0d8137645859e14608a0b7a84c3cadd70d3be3e7d59a937b20c600dbcc88162Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.
72378386669ae9759edcef742e72bbceb8bebb4fef342a5fb8f58cf8290dd75aRed Hat Security Advisory 2024-1203-03 - The components for Red Hat OpenShift for Windows Containers 9.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
949fbe611112995312a21e905528d00484f0a440915ad36ba225e2cb84799929SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.
b54fc4aa8aa9cd1b68c0fee0e8f8f071f44a503ec283e0947fb0c29cce53475aQognify VMS Client Viewer version 7.1 suffers from a local privilege escalation vulnerability via DLL hijacking.
fdb1bbc1d16c28cae32902f7d1fe190a3d993b678a937d26c6c7a57c07f09736Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.
b6b18194f2e689d34f31467983fac3c6ef3ca487f56d307bb7a3aba5b961cffdBackdoor.Win32.Jeemp.c malware suffers from a hardcoded credential vulnerability.
5e4ddaa4fb20fd54762a11e5e3b4f3336161f26cd683100a9b9009e19ba332e0Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
b30c62396fd2061eed0ac23a59b4a56c6bf20a79bab17aaa66538177c1f1e0e8Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.
01433d0ad222e5da0927202b151b19c29afd6ce5f59f4e0b3302a97ed91a29bbTosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
7820f9f7d9af81913956c26707d4acc215ad499c129864227adf8ac1f2345e47Backdoor.Win32.Armageddon.r malware suffers from a hardcoded credential vulnerability.
a63aee2a17b2de0fd0b66bd203d4a2c97938d4d3f44312228c88c11909ae9131Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.
7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed