OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit
Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...
Information Disclosure
github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may...
YARA libyara/exec.c file information disclosure vulnerability (CNVD-2019-32348)
YARA is a set of tools used to help software researchers identify and categorize malware samples. A security vulnerability exists in the libyara/exec.c file in YARA version 3.8.1. An attacker can exploit the vulnerability to obtain addresses in the real stack...
PT-2018-15182
Name of the Vulnerable Software and Affected Versions: YARA version 3.8.1 Description: The issue arises from the design of the YARA virtual machine, where bytecode in a specially crafted compiled rule can expose information about its environment. This occurs in the libyara/exec.c component...
KLA11884 Multiple vulnerability in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...
CVE-2018-1840
CVE-2018-1840 affects IBM WebSphere Application Server (WAS) 8.5/9.0. The root cause is a privilege-escalation risk when a security domain uses a federated repository other than the global federated repository and the WAS version is migrated to a newer release. Affected products and versions appe...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.alibaba.blink:flink-hcatalog (>=blink-3.2.0 <=blink-3.7.0) +205 more potentially affected by CVE-2018-11777 via org.apache.hive:hive-exec (>=0.10.0 <=2.3.3)
org.apache.hive:hive-exec MAVEN version =0.10.0, =3.18.0.9, =blink-3.2.0, =5.0.0, =1.0.1-migration, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =0.60.0, =4.1.2-RELEASE, =1.0.1, =0.6, =0.6, =0.6, =0.7 and more Source cves: CVE-2018-11777 Source advisory: OSV:GHSA-RRFQ-G5FQ-FC9...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0) +106 more potentially affected by CVE-2018-1284 via org.apache.hive:hive-exec (>=0.8.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =0.1.1, =4.0.0-preview22.0.1, =1.0.5, =0.1.5, =0.1.5, =0.3.3 and more Source cves: CVE-2018-1284 Source advisory: OSV:GHSA-RXMR-C9JM-7MM8...
com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.boozallen.aissemble:extensions-data-delivery-spark (>=1.13.0-rc6 <=2.0.0) +56 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-exec (>=2.1.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =2.1.0, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =4.0.0-preview22.0.1, =5.6.0, =4.0.00.31.1-prerelease6, =4.0.0, =4.1.0, =4.2.0 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J383...
com.alibaba.blink:flink-hcatalog (>=blink-3.2.0 <=blink-3.7.0), com.bazaarvoice.emodb:emodb-sor-hive (>=1.0.1-migration <=6.2.3) +85 more potentially affected by CVE-2014-0228 via org.apache.hive:hive-exec (>=0.10.0 <=0.13.0)
org.apache.hive:hive-exec MAVEN version =0.10.0, =blink-3.2.0, =1.0.1-migration, =0.60.0, =1.0.1, =0.6, =0.6, =0.6, =0.6, =1.11.2, =1.11.2, =1.11.9 and more Source cves: CVE-2014-0228 Source advisory: OSV:GHSA-W4X9-4F5X-8JJ8...
GHSA-38H8-X697-GH8Q Tmp files readable by other users in sync-exec
Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...
5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +964 more potentially affected by CVE-2017-16024 via sync-exec (>=0.3.2 <=0.6.2)
sync-exec NPM version =0.3.2, =1.0.1, =3.0.0, =3.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.5, =2.3.5, =0.1.12-alpha.0, =0.0.2, =0.0.3 and more Source cves: CVE-2017-16024 Source advisory: OSV:GHSA-38H8-X697-GH8Q...
Tmp files readable by other users in sync-exec
Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...
Information Disclosure
hive-exec is vulnerable to an information disclosure. The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...
exec-auto.com XSS vulnerability
Open Bug Bounty ID: OBB-692692

Description | Value
---|---
Affected Website: | exec-auto.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...
zsh: Stack-based buffer overflow in exec.c:hashcmd()
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service...
PT-2018-14404 · Asuswrt Merlin · Merlin.Php
Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands due to a popen call in exec.php. The vendor notes that Merlin.PHP is...
Chrome OS /sbin/crash_reporter Symlink Traversal Vulnerability
Exploit for windows platform in category dos / poc Chrome OS: symlink traversal issue in /sbin/crash_reporter Tested on: Version 69.0.3473.0 Official Build dev 64-bit CreateDirectoryWithSettings in https://chromium.googlesource.com/chromiumos/platform2/+/master/crash-reporter/crashcollector.cc107 ...
CVE-2018-0477
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...
CVE-2018-0481
The CVE-2018-0481 issue is a vulnerability in the Cisco IOS XE Software CLI parser that allows a locally authenticated attacker with privileged EXEC access to inject and run arbitrary commands as root on the device’s Linux shell. Root cause: improper sanitization of CLI command arguments, allowin...