11 - 2015 - :: Deepquest ::

>> Windows NtCreateLowBoxToken Handle Capture Local DoS/Elevation Of Privilege

USER: deepcore // 2015-11-03 // 0 CMT

The NtCreateLowBoxToken API allows the capture of arbitrary handles which can lead to to local denial of service or elevation of privilege.

[EXPLOIT]

>> Milton Webdav 2.7.0.1 XXE Injection

USER: deepcore // 2015-11-03 // 0 CMT

Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.

[EXPLOIT]

>> Python 2.7 strop.replace() Integer Overflow

USER: deepcore // 2015-11-03 // 0 CMT

Python version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue…

[EXPLOIT]

>> Python 2.7 array.fromstring Use After Free

USER: deepcore // 2015-11-03 // 0 CMT

Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.

[EXPLOIT]

>> Python 2.7 Hotshot pack_string Heap Buffer Overflow

USER: deepcore // 2015-11-03 // 0 CMT

Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.

[EXPLOIT]

>> Spetnik TCPing Utility 2.1.0 Buffer Overflow

USER: deepcore // 2015-11-03 // 0 CMT

If TCPing is called with an specially crafted CL argument it will cause an exception and overwrite the pointers to next SEH record and SEH handler with our buffer and…

[EXPLOIT]

>> actiTIME 2015.2 Privilege Escalation / Open Redirect

USER: deepcore // 2015-11-03 // 0 CMT

actiTIME 2015.2 suffers from multiple security vulnerabilities including open redirection, HTTP response splitting, and unquoted service path elevation of privilege.