PT-2026-44089

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 -...

Service Upstart Persistence

This module will create a service on the box, and mark it for auto-restart. We need enough access to write service files and potentially restart services Targets: CentOS 6 Fedora = 9, = 9.10, use exploit/linux/persistence/initupstart msf exploitinitupstart show targets ...targets... msf...

Malicious code in github.com/shallowmulti/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "extremely high degree of similarit...

IBM Aspera Faspex YAML deserialization

Added: 04/13/2023 Background IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...

Target Credential Status by Authentication Protocol - Valid Credentials Provided

Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because th...

Target Credential Issues by Authentication Protocol - No Issues Found

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...

Target Credential Status by Authentication Protocol - Failure for Provided Credentials

Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...

ManageEngine ServiceDesk Plus Arbitrary File Upload

This module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not...

Knox Arkeia Server Backup 5.3.x Remote Root Exploit

No description provided by source. / Knox Arkiea Server Backup arkiead local/remote root exploit Targets for Redhat 7.2/8.0, Win2k SP2/SP3/SP4, WinXP SP1, Win 2003 EE Works up to current version 5.3.x --------------- Linux x86: ./arksink2 arkeiahost targettype display Exports an xterm to the box ...

Monit 4.2 - Basic Authentication Remote Code Execution

/ THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit linuxmailorg - Abhisek Datta abhisekfrontru 06.04.2004 http://www.eos-india.net New Targets : RedHat 9 Fedora Core 2 Slackware 8.1 Update Code :...

Tolis Group BRU 17.0 - Local Privilege Escalation (1)

// source: https://www.securityfocus.com/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct format string-based attacks as well as buffer...

Tolis Group BRU 17.0 - Local Privilege Escalation (1)

Tolis Group BRU 17.0 - Local Privilege Escalation 1 // source: https://www.securityfocus.com/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct...

Apache mod_ssl OpenSSL 0.9.6d 0.9.7-beta2 - openssl-too-open.c SSL2 KEY_ARG Overflow

Apache modssl OpenSSL 0.9.6d 0.9.7-beta2 - openssl-too-open.c SSL2 KEYARG Overflow / openssl-too-open.c - OpenSSL remote exploit Spawns a nobody/apache shell on Apache, root on other servers. by Solar Eclipse Thanks to Core, HD Moore, Zillion, Dvorak and Black Berry for their help. This code or a...