Shell in the Ghost: Ghostscript CVE-2023-28879 writeup
Published on Tue 11 April 2023 by @sigabrt9
This write-up details how CVE-2023-28879 - an RCE in Ghostscript - was found and exploited. Due to the prevalence of Ghostscript in PostScript processing, this vulnerability may be reachable in many applications that process images or PDF files (think ImageMagick, PIL, etc.), making this an important one to patch and look out for.
DisplayLink USB Graphics Software arbitrary file write Elevation of Privilege
Published on Wed 01 July 2020 by Yannick Méheut
Due to overpermissive access rights on a logging folder, the DisplayLink USB Graphics software can be abused to perform privileged file operations, such as arbitrary file creation. This can be exploited, e.g. via DLL hijacking on the privileged DisplayLink process, to obtain SYSTEM privileges on the local machine.
Playing with GZIP: RCE in GLPI (CVE-2020-11060)
Published on Tue 12 May 2020 by myst404 (@myst404_)
GLPI is vulnerable to a Remote Code Execution (RCE) via the backup feature (CVE-2020-11060).
Multiple vulnerabilities in GLPI
Published on Tue 12 May 2020 by myst404 (@myst404_)
Multiple vulnerabilities affect GLPI (CVE-2020-5248, CVE-2020-11034, CVE-2020-11035, CVE-2020-11036 and CVE-2020-11062), including static key used to encrypt sensitive data, Open Redirect, and several XSS.
Windows Error Reporting Manager arbitrary file move Elevation of Privilege (CVE-2019-1315)
Published on Tue 08 October 2019 by @clavoillotte
The privileged file operations performed by the Windows Error Reporting service on user-writable files can be abused to rename/move arbitrary files with SYSTEM privileges. This can be used by an unprivileged user to obtain SYSTEM privileges.
Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
Published on Tue 04 June 2019 by @clavoillotte
An access right misconfiguration in Osquery for Windows can be abused to load run arbitrary programs or load arbitrary DLLs. This can be used by an unprivileged user to obtain SYSTEM privileges on the local machine.
F-Secure SAFE arbitrary file copy Elevation of Privilege
Published on Wed 20 March 2019 by @clavoillotte
A privileged file copy performed by SAFE when an infected file is detected can be abused to overwrite an arbitrary file. This can be used by an unprivileged user to obtain SYSTEM privileges on the local machine.
McAfee Endpoint Security arbitrary file write Elevation of Privilege (CVE-2019-3582)
Published on Wed 20 March 2019 by @clavoillotte
The permissive access rights on logs and quarantine (files / folders and configuration), and the privileged file manipulation performed by McAfee Endpoint Security on these files can be abused to create or delete arbitrary files, or to create arbitrary registry keys. This can be used by an unprivileged user to obtain SYSTEM privileges on the local machine.
Pulse Secure client arbitrary file write Elevation of Privilege (CVE-2018-11002)
Published on Wed 20 March 2019 by @clavoillotte
The permissive access rights on log folder, files and shared memory section, as set by the Pulse Secure client’s logging service, can be abused to create arbitrary files with write access. This can be used by an unprivileged user to obtain SYSTEM privileges on the local machine.