Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus HPE Data Protector SUID Privilege Escalation', 'Description' = %q This module exploits the trusted $PATH environment variable of the...

Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...

Micro Focus (HPE) Data Protector SUID Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus HPE Data Protector SUID Privilege Escalation', 'Description' = %q This module exploits the trusted $PATH environment variable of the...

Firefox DNS over HTTPS (DoH) and Enterprise Threat Protector

Recursive DNS communications are normally unencrypted between a client and a resolver. In an effort to improve user privacy and address security concerns, Mozilla announced it would begin enabling DNS over HTTPS DoH by default in its Firefox browser. However, Mozilla recognized it would be...

CVE-2019-17668

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector...

Code injection

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector...

CVE-2019-17668

CVE-2019-17668 affects Samsung Galaxy S10 and Note10 devices. The vulnerability allows unlock operations using unregistered fingerprints in certain scenarios involving a third‑party screen protector, describing a flaw in the fingerprint authentication flow. The underlying root cause is not detail...

CVE-2019-17668

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector...

Linux/ARM - Fork Bomb Shellcode (20 bytes)

Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in infinite loop to exhaust CPU resources leading to crash / Compilation instruction...

Micro Focus (HPE) Data Protector SUID Privilege Escalation

This module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector A.10.40 and prior. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a cust...

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges...

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges...

Code injection

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges...

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges...

CVE-2019-11660

CVE-2019-11660 affects Micro Focus Data Protector (versions 10.00–10.40). A low-privilege user can abuse the SUID binary omniresolve, which calls oracleasm via a relative path using a trusted PATH, to execute a custom binary with root privileges. Impact is local privilege escalation (affecting co...

CVE-2019-11660

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. Recent assessments: pbarry-r7 at November 20, 2019 3:15p...

PT-2019-12462 · Micro Focus · Hp Data Protector

Name of the Vulnerable Software and Affected Versions: Micro Focus Data Protector versions 10.00 through 10.40 Description: The issue allows for privileges manipulation, potentially enabling a low-privileged user to execute a custom binary with higher privileges. Recommendations: For versions 10....

DNS Protection: A "Must" in Security Solutions for any Company

Domain name system DNS services are often a point of vulnerability for businesses, so DNS security has become a growing concern for many of them. DNS is a critical element for all companies because it turns domain names into internet protocol IP addresses. Cyber criminals have been digging into D...

Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)

/ Reverse shell shellcode for Linux MIPS64 mips64el Default port: tcp/4444 Host: localhost Date: August 19 - 2019 Author: Antonio de la Piedra Tested on: MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta Size: 157 bytes Compile with: gcc -fno-stack-protector -z execstack main.c -o main -g /...

java-1.8.0-openjdk security update

1:1.8.0.212.b04-1 - Remove additions to EXTRACFLAGS and EXTRACPPFLAGS which are now made by upstream. - Resolves: rhbz1693468 1:1.8.0.212.b04-1 - Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong - Resolves: rhbz1693468 1:1.8.0.212.b04-0 - Update to...