This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.
881389db7516cd93002413a591d878987421d6e664f4be1ea349fe9d3d4000cf
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
8ac19e909bfd2ca54430773844f5e728f0d6f15e18091988e75c838b7343ca34
This is a proof of concept exploit that demonstrates the SMBleed remote kernel memory read vulnerability.
0af6adccbaa14f46fae84ec9b385edc67b8dfd138dd74de61102046328ddd506
This proof of concept exploits a pre-authentication remote code execution vulnerability by combining SMBleed with SMBGhost.
ccd8ef1a4d15dca93a5b578e4d4dbbcff2f63e8252444be08bccf20fe2d7a55d
124 bytes small ASLR deactivation polymorphic shellcode.
f35cfa4088dc8782ee00e5aec94711939df5ad8baab85cfcf1521e6a2ed57337
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This tool checks for the vulnerability.
74417ee5e3a7179a22e86e5d705efe713b327750125d3e74e051f826677f640c
Red Hat Security Advisory 2020-2529-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
6ea8239ae1b0f8945b80aa7f592e1eb4821f3bd6dba7f94b7ba6dd99688023c6
Red Hat Security Advisory 2020-2530-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
3986f36b9e430d29eba185045adfc2f7f571b61c422bc68975c7ca7df03228f2
Red Hat Security Advisory 2020-2512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
b48123594743d0a1863f693ce7f2c17d17d4ea017f6917ad39102d94f52cd13c
Red Hat Security Advisory 2020-2513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
a2668962b6b2e043d309bf5d68dd0c0af147e2d10093c6c0608a0cf5de4d0536
Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
fbfa3ba2771ca3d2c3032055cbc5daf2cd75681af6e4354f70742b1030e2f63e
Red Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
5859bd4dc9842ce8ad71eb33e4bacf18fed875d7b192627c580c22fb4c19d266
Red Hat Security Advisory 2020-2521-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability.
1a7416767dac8336e19763430399c62f0935e1519c304477470867dc302004ac
Red Hat Security Advisory 2020-2522-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, double free, integer overflow, memory leak, null pointer, and use-after-free vulnerabilities.
e4e407d5d11456415fbd17c67e612fad4cfe0d3826d8690e6621a9db97576147
Red Hat Security Advisory 2020-2519-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include null pointer and use-after-free vulnerabilities.
6cfc0f58090649f9090185b8c992ea7ea3a4d17ae7494207f5a23d75df1ee10a
Red Hat Security Advisory 2020-2520-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.
d87cfddcf612ac9bf22c26a297c9f8853a61ae1670bca335c161610a7d81e247
Red Hat Security Advisory 2020-2516-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include buffer over-read, denial of service, and information leakage vulnerabilities.
ee1a32c1d2278327d43303d387c22a1abeab2f85a6e3bf9c19b247078ac3e55f
Ubuntu Security Notice 4385-2 - USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family from booting successfully. Additionally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. Various other issues were also addressed.
7a5311fd9395be788d4e44d398fc8710567f10630e93a9fd8de402cbc949634b
Red Hat Security Advisory 2020-2515-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
1c85f7b1237e357aa3d0c7411dc4c64d3dd58bc597ba01c3db3c76df802c3dec
Red Hat Security Advisory 2020-2511-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, cross site scripting, out of bounds read, and traversal vulnerabilities.
b742dea6ba4231ecf4c41851c05a9bf0158397a8034c4b4a7dd27933da9ab78e
Red Hat Security Advisory 2020-2508-01 - Expat is a C library for parsing XML documents. Issues addressed include buffer overflow and integer overflow vulnerabilities.
9a6d17df60036e1782ffc0e0407b2b4f72d76ef26f8cd29c1c5450d1f3a38fa0
Red Hat Security Advisory 2020-2505-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
9af881c5b1f38db9041445864403af20a6329e9e571f98946b21abaa0d85dfa2
Red Hat Security Advisory 2020-2509-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
ec522dbde4e24e430dfeeda0dd7ff7293535495da966add56394d87e054d2c29
Red Hat Security Advisory 2020-2486-01 - The unzip utility is used to list, test, and extract files from zip archives. Issues addressed include a denial of service vulnerability.
67d45e37d3aca729a801c792b4314ef8504285430b33381e55939eaf735e3e70
Red Hat Security Advisory 2020-2506-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
a8ecd6fa2f10502b15c65a9331f1f580113eb942a43faddf5b1bd51c8f250c6b