Exploiting DLLs A guide to DLL Hijacking
Abstract As per the recent statistics available Windows still remains the most used operating system for digital devices. Almost 77% of the computers today run Windows operating system. With its GUI based implementation and ease of compatibility with most of the available software, Windows is…
Cleanly Escaping the Chrome Sandbox
This post will explain how we discovered and exploited Issue 1062091, a use-after-free (UAF) in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge. Background Our goal is to make this post accessible to those unfamiliar with Chrome exploitation,…
CVE 2020-6418 Type confusion in V8 in Google Chrome prior to 80.0.3987.122
CVE-2020-6418 is a type confusion vulnerability in V8, Google Chrome’s open-source JavaScriptand WebAssembly engine. Vulnerability Description On February 25, security updates were released for Google Chrome and Microsoft Edge. The opensource JavaScript and WebAssembly engines in V8 in Google Chrome before 80.0.3987.122 andMicrosoft Edge browser…
Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0
A few days ago, a new remote code execution vulnerability was disclosed for Apache Tomcat. Affected versions are: Apache Tomcat 10.x < 10.0.0-M5 Apache Tomcat 9.x < 9.0.35 Apache Tomcat 8.x < 8.5.55 Apache Tomcat 7.x < 7.0.104 In other words, all versions of tomcat…
Aggah: How to run a botnet without renting a Server (for more than a year)
Experts from Yoroi-Cybaze ZLab have spotted new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign. Introduction During the last year, we constantly kept track of the Aggah campaigns. We started deepening inside the Roma225 Campaign and went on with the RG Campaign, contributing to the joint effort to…
Siemens SIPROTEC 5 and DIGSI 5 (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update A) that…
Vulnerability – Siemens SINAMICS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS Image alt attributes: Images on this page do not have alt attributes that reflect the topic of your text. Add your keyphrase or synonyms to the alt tags of relevant images! Keyphrase…
Xorg X11 Server SUID modulepath Privilege Escalation
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges…
PHP Laravel Framework Token Unserialize Remote Command Execution
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not…
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability. ———————————————————————— SySS Security Advisory: Blue Prism Robotic Process Automation (RPA) – Privilege Escalation ———————————————————————— Advisory ID: SYSS-2019-002 Product: Blue Prism Robotic Process Automation (RPA) Manufacturer: Blue Prism Affected Version(s):…
Stay connected