Apple macOS - IOHIDSystem Kernel Read/Write

Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13...

Cambium cnPilot r200/r201 Command Execution as 'root'

Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to 4.3.3-R4, contain an undocumented, backdoor 'root' shell. This shell is accessible via a specific url, to any authenticated user. The module uses this shell to execute arbitrary system commands as 'root'. This module requires...

CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin compadmin account user could exploit a vulnerability in isigetitrace or isigetprofile maintenance scripts to run any shell script as system root on a cluster in...

CVE-2017-12243

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The...

Command injection

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The...

CVE-2017-12243

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The...

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device. The vulnerability is due to imprope...

MitraStar DSL-100HN-T1/GPT-2541GNAC Privilege Escalation

Exploit Title: Privilege escalation MitraStar routers Date: 28-10-2017 Exploit Author: j0lama Vendor Homepage: http://www.mitrastar.com/ Provider Homepage: https://www.movistar.com/ Models affected: MitraStar DSL-100HN-T1 and MitraStar GPT-2541GNAC HGU Software versions: ES113WJY0b16 DSL-100HN-T1...

CVE-2017-14329

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

Design/Logic Flaw

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process...

CVE-2017-14330

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process...

Design/Logic Flaw

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

CVE-2017-14329

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

CVE-2017-14329

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

CVE-2017-14329

The CVE-2017-14329 entry affects Extreme EXOS 16.x, 21.x, and 22.x. Multiple connected documents confirm an elevation-of-privilege issue that can yield a root shell via vectors involving an exsh debug shell. Impact is described as gaining root-level access on affected EXOS versions; the vulnerabi...

CVE-2017-14330

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process...

HashiCorp Vagrant VMware Fusion Plugin Local Root Vulnerability

HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in the insecure suid wrapper binary in HashiCorp Vagrant VMware Fusion plugin version 4.0.24 and earlier...

Linux Kernel 4.14.0-rc4+ - waitid() Privilege Escalation Exploit

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...

Extreme EXOS Elevation of Privilege Vulnerability

Extreme EXOS is a new generation modular switch operating system from Extreme Networks. An elevation of privilege vulnerability exists in Extreme EXOS versions 16.x, 21.x, and 22.x. The vulnerability can be exploited to obtain a root shell. An attacker can exploit this vulnerability to obtain a...

Extreme EXOS elevation of privilege vulnerability (CNVD-2017-32702)

Extreme EXOS is a new generation modular switch operating system from Extreme Networks. An elevation of privilege vulnerability exists in Extreme EXOS versions 16.x, 21.x, and 22.x. The vulnerability can be exploited to obtain a root shell. An attacker can exploit this vulnerability to obtain a...