Previously, the APC mechanism used to inject the agent into another process relied on an exe file written to the filesystem. This file could potentially be detected by an AV. For this reason, its execution was changed to run from memory (using Impact's Dynamic Forking mechanism).
The Group Policy implementation in Microsoft Windows does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share.
A vulnerability in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to trigger a buffer overflow.
This allows unprivileged local users to cause an invalid dereference in kernel mode, which produces a BSoD.
Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.
This update adds the proper CVE number, support for Jenkins with HTTPS enabled, and DNS channel support. It also extends the supported platforms, improves IPv6 functionality and removes redundant code.
The EnableNetwork method in the org.blueman.Mechanism D-Bus service of Blueman, a Bluetooth Manager, receives untrusted Python code provided by unprivileged users and evaluates it as root.
This can be leveraged by a local unprivileged attacker to gain root privileges.
This module exploits a vulnerability in win32k.sys by calling the SetParent function with crafted parameters.
This module exploits a vulnerability in the "atmfd.dll" Windows driver by loading a crafted OTF font.
This update adds support for the "Low Integrity Level" bypass on "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433).
This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
This module exploits a vulnerability in the "atmfd.dll" Windows driver by loading a crafted OTF font.
This update adds support for the "Low Integrity Level" bypass on "Windows 8.1" 64 bits and "Windows 2012" R2 by using a kernel memory leak (CVE-2015-2433).
In addition, this update improves AV evasion.
This module exploits a COM Server-based Binary Planting vulnerability in Microsoft Word to deploy an agent.