Lucene search
K

8 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/07/30 6:4 p.m.314 views

Metasploit Wrap-Up

New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...

8.3CVSS0.6AI score0.88158EPSS
Exploits36
Packet Storm
Packet Storm
added 2021/07/30 12:0 a.m.298 views

Pi-Hole Remove Commands Linux Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...

7.8CVSS0.8AI score0.01863EPSS
Exploits4
0day.today
0day.today
added 2021/07/30 12:0 a.m.209 views

Pi-Hole Remove Commands Linux Privilege Escalation Exploit

Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since...

7.8CVSS8.1AI score0.01863EPSS
Exploits4
Metasploit
Metasploit
added 2021/07/29 5:43 p.m.95 views

Pi-Hole Remove Commands Linux Priv Esc

Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is...

7.8CVSS7.5AI score0.01863EPSS
Exploits4
Circl
Circl
added 2021/07/29 4:46 p.m.25 views

CVE-2021-29449

creationtimestamp| type| source ---|---|--- 2021-07-29 16:46:46+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/piholeremovecommandslpe.rb 2021-09-21 04:42:01+00:00| seen| https://t.me/pwnwikizhchannel/807 2025-02-06 03:13:45+00:00| seen|...

7.8CVSS7.1AI score0.01863EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.24 views

Pi-hole Core < 5.3 Multiple Privilege Escalation Vulnerabilities

Pi-hole Core is prone to multiple privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS8.7AI score0.01863EPSS
Exploits4References2
OSV
OSV
added 2021/04/14 10:15 p.m.21 views

CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...

7.8CVSS7.5AI score
Exploits0References3
CVE
CVE
added 2021/04/14 10:5 p.m.117 views

CVE-2021-29449

Pi-hole core up to 5.3 is affected by multiple privilege-escalation vulnerabilities. The root cause is improper validation of command-line parameters passed to sed in removecustomcname, removecustomdns, and removestaticdhcp, which can be exploited when executed as the www-data user in the sudoers...

7.8CVSS7.5AI score0.01863EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder