Vulnerabilities
QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass
$_COOKIE[STATIONSID] is not escaped.
10-05-2017
1 MIN READ
Vulnerabilities
Dell Customer Connect 1.3.28.0 Privilege Escalation
RunImpersonated() executes given function in the context of currently logged in user.
25-04-2017
3 MIN READ
Vulnerabilities
CyberGhost 6.0.4.2205 Privilege Escalation
CG6Service service has interesting method SetPeLauncherState which allows launch the debugger automatically for every process we want using Image File Execution Options
06-03-2017
1 MIN READ
Vulnerabilities
ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation
ShadeYou service executes any file without any verification as SYSTEM user.
14-02-2017
1 MIN READ
Vulnerabilities
IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
Inside GenerateConfiguration method there is bug which leads to comand injection
06-02-2017
1 MIN READ
Vulnerabilities
Viscosity for Windows 1.6.7 Privilege Escalation
Only files digitally signed by SparkLabs can use this pipe because of usage of new X509Certificate2. But it's possible to bypass this by injecting our DLL into Viscosity.exe.
30-01-2017
4 MIN READ
Vulnerabilities
WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass
It's possible to execute arbitrary commands using login form because exec() function is used without using escapeshellarg() or escapeshellcmd().
24-01-2017
2 MIN READ
Vulnerabilities
SentryHD 02.01.12e Privilege Escalation
Using Execute Command File we can execute commands on Scheduled system shutdown and because UPSMan is running as SYSTEM we execute them as Priveleged user.
18-01-2017
1 MIN READ
From 0 to pentesting hero
Random vs SecureRandom
Every service that has a login mechanism should also have the option to reset the password. But how to do it right?
26-02-2019
2 MIN READ