8 matches found
Metasploit Wrap-Up
New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...
Pi-Hole Remove Commands Linux Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...
Pi-Hole Remove Commands Linux Privilege Escalation Exploit
Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since...
Pi-Hole Remove Commands Linux Priv Esc
Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is...
CVE-2021-29449
creationtimestamp| type| source ---|---|--- 2021-07-29 16:46:46+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/piholeremovecommandslpe.rb 2021-09-21 04:42:01+00:00| seen| https://t.me/pwnwikizhchannel/807 2025-02-06 03:13:45+00:00| seen|...
Pi-hole Core < 5.3 Multiple Privilege Escalation Vulnerabilities
Pi-hole Core is prone to multiple privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-29449
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...
CVE-2021-29449
Pi-hole core up to 5.3 is affected by multiple privilege-escalation vulnerabilities. The root cause is improper validation of command-line parameters passed to sed in removecustomcname, removecustomdns, and removestaticdhcp, which can be exploited when executed as the www-data user in the sudoers...