Lucene search
+L

156 matches found

zdt
zdt
added 2013/08/27 12:0 a.m.88 views

Mac OS X Sudo Password Bypass Vulnerability

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges the user is in the sudoers file and is...

6.9CVSS7.9AI score0.03176EPSS
Exploits8
nessus
nessus
added 2012/07/18 12:0 a.m.17 views

Mac OS X Admin Group User List

Using the supplied credentials, Nessus was able to extract the member list of the 'Admin' and 'Wheel' groups. Members of these groups have administrative access to the remote system. TRUSTED...

5.8AI score
Exploits0
metasploit
metasploit
added 2011/12/04 7:44 p.m.46 views

Windows Gather Privileges Enumeration

This module will print if UAC is enabled, and if the current account is ADMIN enabled. It will also print UID, foreground SESSION ID, is SYSTEM status and current process PRIVILEGES. This module requires Metasploit: https://metasploit.com/download Current source:...

7AI score
Exploits0
exploitdb
exploitdb
added 2009/07/27 12:0 a.m.23 views

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation

!/usr/bin/env python Adobe Acrobat v9.1.2 Local Privilege Escalation Exploit Coded By: DrIDE Discovered by: Nine:Situations:Group Tested On: Windows XP SP2, Requires NOS Package Installed Usage: python DrIDE-Adobe912.py import os, subprocess Should probably have a try block around this as not eve...

7AI score
Exploits0
atlassian
atlassian
added 2009/06/18 7:0 a.m.18 views

XSS vulnerability can be exploited on the WebDAV Configuration page

Steps: Go to WebDAV Configuration Enter 'alert"XSS"' Click on 'Add new regex' button The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button. This can be done by users in the confluence-admin group, so it could be used by them to gain access to...

1.6AI score
Exploits0Affected Software1
atlassian
atlassian
added 2009/01/28 9:58 p.m.19 views

Ability to grant Import/Export privileges to a group or a user

In our JIRA environment, we have several projects where each of the project admins uploads tasks from a CSV file into their respective project. Inorder for these project admins have the upload permissions, they need to be part of the JIRA System Administration group. This is unacceptable and is a...

1.3AI score
Exploits0Affected Software1
seebug
seebug
added 2007/03/22 12:0 a.m.35 views

Mercur Messaging 2005 IMAP (SUBSCRIBE) Remote Exploit (win2k SP4)

No description provided by source. !/usr/bin/python Remote exploit for the stack overflow vulnerability in Mercur Messaging 2005 SP3 IMAP service. The exploit was tested on windows 2000 server SP4 in a Vmware environment. At the time of overflow EBX points to our shellcode. However this buffer in...

7.1AI score
Exploits0
zdt
zdt
added 2007/03/21 12:0 a.m.24 views

Mercur Messaging 2005 IMAP (SUBSCRIBE) Remote Exploit (win2k SP4)

Exploit for unknown platform in category remote exploits ================================================================= Mercur Messaging 2005 IMAP SUBSCRIBE Remote Exploit win2k SP4 ================================================================= !/usr/bin/python Remote exploit for the stack...

7.1AI score
Exploits0
cvelist
cvelist
added 2007/01/31 2:0 a.m.21 views

CVE-2007-0467

crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/...

7.4AI score0.01745EPSS
Exploits2References10
securityvulns
securityvulns
added 2007/01/29 12:0 a.m.60 views

Mac OS X crashdump symbolic links security vulnerability

Symbolic links problem on creating dump file in user's home. Allows admin group user to escalate privileges to root...

6.2CVSS1.7AI score0.01745EPSS
Exploits2References1Affected Software1
prion
prion
added 2007/01/18 2:28 a.m.18 views

Code injection

The 1 Activity Monitor.app/Contents/Resources/pmTool, 2 Keychain Access.app/Contents/Resources/kcproxy, and 3 ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions writable by admin group, which allows local admin...

6.8CVSS7.1AI score0.00412EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2007/01/16 12:0 a.m.61 views

MOAB-15-01-2007: Multiple Mac OS X Local Privilege Escalation Vulnerabilities

Summary Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group ex. first user by default in a non-server Mac OS X installation, allowing privilege escalation. A malicious user can overwrite the binaries and perform a disk...

0.3AI score
Exploits0
seebug
seebug
added 2006/11/21 12:0 a.m.132 views

Kerio WebStar本地权限提升漏洞

Kerio WebSTAR是运行在Mac OS X平台上的WEB服务器。 Kerio WebSTAR在不安全的权限安装程序文件,本地攻击者可能利用此提升自己的权限。 在安装Kerio WebSTAR时/Applications中继承了两个setuid二进制程序: kevin-finisterres-computer:/Desktop kf$ find /Applications/Kerio\ WebSTAR -perm -4000 -ls 978790 3016 -rwsrwx--x 1 root admin 1542556 Apr 10 2006 /Applications/Kerio...

7AI score
Exploits0
zdt
zdt
added 2006/11/15 12:0 a.m.28 views

Kerio WebSTAR 5.4.2 (libucache.dylib) Privilege Escalation Exploit (OSX)

Exploit for macOS platform in category local exploits ======================================================================== Kerio WebSTAR 5.4.2 libucache.dylib Privilege Escalation Exploit OSX ======================================================================== !/usr/bin/perl...

6.8AI score
Exploits0
exploitdb
exploitdb
added 2006/11/15 12:0 a.m.33 views

Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Local Privilege Escalation

!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom you must have access to the webstar user or be in the admin group This is currently not patched... chmod -s your kerio binaries foreach $key keys %ENV delete $ENV$key; $tgts"0" = "kerio-webstar-5.4.2-mac.bi...

7.4AI score
Exploits0
cvelist
cvelist
added 2002/06/25 4:0 a.m.21 views

CVE-2001-1240

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access...

6.9AI score0.0184EPSS
Exploits0References1
Rows per page
Query Builder