189 matches found
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
CVE-2019-19041
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...
Ubuntu 18.04 lxd Privilege Escalation
!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...
Malicious Package
destroyer-of-worlds is a malicious package. A malicious bash script resides in the package which will execute as a postinstall script. The script deletes system files and creates a large file, fork bomb and an endless loop in an attempt to crash the host...
Malicious Package
Overview The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
Immunity Canvas: SNAPD_UID_OVERWRITE
Name | snapduidoverwrite
---|---
CVE | CVE-2019-7304
Exploit Pack | CANVAS
Description | snapduidoverwrite
Notes | CVE Name: CVE-2019-7304 VENDOR: snapd team NOTES: The snapd service runs as an REST API using a Unix Domain Socket, is possible to send request when the uid is 0 root, the vulnerability i...
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
!/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Author: https://github.com/M4LV0 [email protected]...
HT-WPS Breaker - High Touch WPS Breaker
High Touch WPS Breaker HT-WB is a small tool based on the bash script language, it can help you to extract the WPS pin of many vulnerable routers and get the password, in the last you want to notice that HT-WPS Breaker in its process is using these tools : "Piexiewps" "Reaver" "Bully" "Aircrack...
Exploit for OS Command Injection in Docker
RunC-CVE-2019-5736 Two PoCs for CVE-2019-5736. See Twistlock...
Apache CouchDB 2.3.0 Cross Site Request Forgery Vulnerability
Apache CouchDB version 2.3.0 suffers from cross site request forgery vulnerabilities providing there's a loose CORS policy. Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link:...
Apache CouchDB 2.3.0 Cross Site Request Forgery
Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Date: 21.12.2018 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction Apache CouchDB is open source database software that focuses on ease ...
Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net
ElasticSearch is a search server based on Lucene. It provides a distributed, multi-user-capable full-text search engine with a RESTful web interface. Elasticsearch is developed in Java, is released as open source under the terms of the Apache license, and is the current popular...
ImageMagick - Memory Leak
!/bin/bash help echo "Usage poc generator: basename $0 gen WIDTHxHEIGHT NAME.xbm minimal" echo " Example gen: basename $0 gen 512x512 poc.xbm" echo "Usage result recovery: basename $0 recover SAVEDPREVIEW.png|jpeg|gif|etc" echo " Example recovery: basename $0 recover avatar.png" if "$1" == "-h" ;...
Swap Digger - Tool That Automates Swap Extraction And Searches For Linux User Credentials, Web Forms Credentials, Web Forms Emails, Http Basic Authentication, Wifi SSID And Keys, Etc
swapdigger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. Download and run the tool O...
Qutebrowser CSRF Vulnerability
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute:// URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution...
Network-Attacker - WiFi Stress Testing Beacon Flooding & Deauthentication Attack
network-attacker V0.1 is a WiFi Stress Testing Bash Script Program Based on Mdk3 Beacon Flooding & Deauthentication Attack Created To Help Beginners And even Professionals For a Beacon Flooding Or Deauthentication Attack On Networks Installation sudo apt-get install git sudo git clone...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
2016PilotOneClick
This is a collection of utilities and scripts to gain root access on a 2016 model Honda Pilot head unit and simplify the installation of third-party non-Honda apps. The scripts implement a dirtyCOW exploit to gain root access and use a bash script to automate the installation process. The scripts...
PYSEC-2018-27
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution...