325 matches found
Arq 5.10 - Local Privilege Escalation (2)
Arq 5.10 - Local Privilege Escalation 2 !/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xargs \ |cut -d ' ' -f2\ if "$pid" != "" ; then kill -9 $pid...
Fixing the Meltdown and Spectre vulnerabilities
Two days ago, Graz University of Technology published a paper describing a pair of attacks on common microprocessors. The underlying vulnerability affects Intel, AMD, and ARM processors. All contemporary microprocessors pre-execute instructions. In other words, the vulnerability bypasses address...
Signature Auto Update Feature of Application Firewall
The Signature Auto Update functionality in Application Firewall allows the user to get the latest signatures to protect against the new vulnerabilities, thereby providing better protection without the need for ongoing manual intervention to get the latest updates. The signatures are auto updated ...
BSA-2017-398
Security Advisory ID : BSA-2017-398 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromis...
Citrix Receiver Updates Troubleshooting Guide
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the...
CVE-2017-10125
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly...
CVE-2017-10125
CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...
CVE-2017-10125
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly...
WordPress Companion Auto Update plugin <=2.9.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities
WordPress Companion Auto Update plugin Cross-Site Request Forgery CSRF and Cross-Site Scripting XSS vulnerability. The CSRF occurs when you try to change the plugin’s settings. There's no nonce to validate the request. The XSS vulnerability appears for "Email address" input field, the output is n...
Dell Customer Connect 1.3.28.0 Privilege Escalation
Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description DCCService.exe is running on autostart as...
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local...
Dell Customer Connect 1.3.28.0 Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation
Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description DCCService.exe is running on autostart as...
PloitKit - The Hacker's ToolBox
PloitKit is a Python based GUI tool designed as one-stop for all other softwares. I was facing these kinds of problem, when I need to switch to different system, or I lost my pen-drive. I have to go to google, and search every tool and download every tool and so on. So I decided to create a tool,...
OpenElec 6.0.3 / 7.0.1 Code Execution Vulnerability
Exploit for linux platform in category local exploits During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1...
OpenElec 6.0.3 / 7.0.1 Code Execution
During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1 User-Interaction: Reboot required Impact: Remote Code...
CVE-2017-6445
The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...
Design/Logic Flaw
The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...
CVE-2017-6445
The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...
CVE-2017-6445
The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...