543 | Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI |
Windows
Cryptographic issues |
Microsoft |
Tomer Peled |
Bug Bounty | 2023-01-25 | 2023-06-13 |
520 | Can't Wait to Shut You Down — Remote DoS Using Wininit.exe |
DoS
MS-RPC
Windows |
Microsoft |
Stiv Kupchik (@kupsul) |
Bug Bounty | 2023-01-31 | 2023-06-13 |
506 | Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1 |
Local Privilege Escalation
Windows
Thick client |
Docker |
Eviatar Gerzi |
Bug Bounty | 2023-02-02 | 2023-06-13 |
487 | Post-Exploitation: Abusing the KeePass Plugin Cache |
Local Privilege escalation
Windows |
KeePass |
Kevin Minacori |
Bug Bounty | 2023-02-07 | 2023-06-13 |
470 | LocalPotato - When Swapping The Context Leads You To SYSTEM |
Windows
NTLM
Local Privilege Escalation |
Microsoft |
Andrea Pierini (@decoder_it) |
Bug Bounty | 2023-02-10 | 2023-06-13 |
453 | LPE via StorSvc |
Local Privilege Escalation
DLL Hijacking |
Microsoft (Windows) |
Antón Ortigueira (@antuache) |
Bug Bounty | 2023-02-13 | 2023-06-13 |
446 | Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day). |
RCE |
Microsoft (Windows) |
j00sean (@j00sean) |
Bug Bounty | 2023-02-15 | 2023-06-13 |
440 | EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955 |
Local Privilege Escalation |
Microsoft (Windows) |
ap (@decoder_it) |
Bug Bounty | 2023-02-16 | 2023-06-13 |
396 | From CVE-2022-33679 to Unauthenticated Kerberoasting |
Kerberos
MiTM
Local Privilege Escalation
Downgrade attack |
Microsoft (Windows) |
Trampas Howe (@trampashowe) |
Bug Bounty | 2023-02-25 | 2023-06-13 |
370 | Introducing Aladdin |
Insecure deserialization |
Microsoft (Windows) |
Lefteris Panos (@lefterispan) |
Bug Bounty | 2023-03-01 | 2023-06-13 |
300 | AD Security Research: Breaking Trust Transitivity |
Active Directory Privilege Escalation |
Microsoft (Windows) |
Charlie Clark (@exploitph) |
Bug Bounty | 2023-03-14 | 2023-06-13 |
287 | Bypassing PPL in Userland (again) |
Kernel hacking
PPL bypass |
Microsoft (Windows) |
Clément Labro (@itm4n) |
Bug Bounty | 2023-03-17 | 2023-06-13 |
276 | Windows Installer EOP (CVE-2023-21800) |
Local Privilege Escalation |
Microsoft (Windows) |
Adrian Denkiewicz |
Bug Bounty | 2023-03-21 | 2023-06-13 |
242 | Protected Users: you thought you were safe uh? |
Active Directory
Kerberos
NTLM
Internal pentest |
Microsoft (Windows) |
Aurélien CHALOT (@Defte_) |
Bug Bounty | 2023-03-31 | 2023-06-13 |
228 | Windows Task Scheduler Application, Version 19044.1706 Advisory |
Unquoted search path
Local Privilege Escalation |
Microsoft (Windows) |
Ben Lincoln (@0x00C651E0) |
Bug Bounty | 2023-04-04 | 2023-06-13 |
221 | Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows Crypto Provider |
Integer overflow
Memory corruption |
Microsoft |
Michele Campa (@s1ckb017) |
Bug Bounty | 2023-04-06 | 2023-06-13 |
146 | Privilege Escalation in Microsoft Windows |
Local Privilege Escalation |
Microsoft (Windows) |
Tobias Neitzel (@qtc_de) |
Bug Bounty | 2023-04-28 | 2023-06-13 |
134 | CVE-2023-28231: RCE In The Microsoft Windows DHCPv6 Service |
RCE
Buffer Overflow
Memory corruption |
Microsoft (Windows) |
Guy Lederfein (@glederfein) |
Bug Bounty | 2023-05-02 | 2023-06-13 |
127 | The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component |
Out-of-bounds Read
Memory corruption |
Microsoft (Windows) |
Bing Sun |
Bug Bounty | 2023-05-03 | 2023-06-13 |
105 | From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API |
Privilege escalation
NTLM |
Microsoft (Outlook) |
Ben Barnea (@nachoskrnl) |
Bug Bounty | 2023-05-10 | 2023-06-13 |
81 | DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905) |
DLL Hijacking
Local Privilege Escalation |
Microsoft (Windows) |
Dor Dali |
Bug Bounty | 2023-05-17 | 2023-06-13 |
52 | Exploring Three Remote Code Execution Vulnerabilities in RPC Runtime |
RCE
MS-RPC
Integer overflow
Memory corruption |
Microsoft (Windows) |
Ben Barnea (@nachoskrnl) |
Bug Bounty | 2023-05-26 | 2023-06-13 |
36 | CVE-2023-24941: Microsoft Network File System Remote Code Execution |
RCE
NFS |
Microsoft (Windows) |
Quinton Crist |
Bug Bounty | 2023-06-01 | 2023-06-13 |