Subscribe via feed.
Archive for September, 2016

AnyDesk 2.5.0 Privilege Escalation

Posted by deepcore under exploit (No Respond)

AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.

Microsoft Windows RegLoadAppKey Privilege Elevation

Posted by deepcore under exploit (No Respond)

RegLoadAppKey is documented to load keys in a location which can’t be enumerated and also non-guessable. However it’s possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.

TeemIp 2.0.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.

3GP Player 4.7.0 DLL Hijacking

Posted by deepcore under exploit (No Respond)

3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.

Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation

Posted by deepcore under exploit (No Respond)

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the RegistryA hidden attachment point which can be used to elevate privileges.

Adobe Flash Memory Freeing Crash

Posted by deepcore under exploit (No Respond)

There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.

Kerberos Security Feature Bypass

Posted by deepcore under exploit (No Respond)

Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.

Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation

Posted by deepcore under exploit (No Respond)

Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.

RealEstate CMS 3.00.50 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.

Zortam MP3 Media Studio 21.15 Privilege Escalation

Posted by deepcore under exploit (No Respond)

Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.