16 matches found
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x64 Post-Anniversary - hal.dll:...
needle - The iOS Security Testing Framework
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Description Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and...
FreeBSD : cassandra -- remote execution of arbitrary code (607f4d44-0158-11e5-8fda-002590263bf5)
Jake Luciani reports : Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user...
[SECURITY ANNOUNCEMENT] CVE-2015-0225
CVE-2015-0225: Apache Cassandra remote execution of arbitrary code Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cassandra 1.2.0 to 1.2.19 Cassandra 2.0.0 to 2.0.13 Cassandra 2.1.0 to 2.1.3 Description: Under its default configuration, Cassandra binds an...
Supermicro Onboard IPMI Port 49152 敏感文件泄露漏洞
关于 IPMI:智能平台管理接口 IPMI 是一种开放标准的硬件管理接口规格,定义了嵌入式管理子系统进行通信的特定方法。IPMI 信息通过基板管理控制器 BMC(位于 IPMI 规格的硬件组件上)进行交流。IPMI是智能型平台管理接口(Intelligent Platform Management Interface)的缩写,是管理基于...
Boat Browser 8.0 / 8.0.1 Remote Code Execution
CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try temp=myObjectname.getClass.forName'java.lang.Runtime'.getMethod'getRuntime',null.invokenull,null; catche iftemp=="not"...
Debian DSA-2770-1 : torque - authentication bypass
John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to ...
[SECURITY] [DSA 2770-1] torque security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2770-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 09, 2013 http://www.debian.org/security/faq -...
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
MPlayer SAMI Subtitle File Overflow
Added: 09/07/2011 BID: 49149 OSVDB: 74604 Background MPlayer is an open source media player with support for many operating systems. Problem MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange SAMI caption files. If a video references a malformed SAMI file...
MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)
require 'msf/core' class MetasploitModule 'Mplayer SAMI Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in SMPlayer 0.6.9 Permanent DEP /AlwaysON. The overflow is triggered during the parsing of an overly long string found in a malicious SAMI subtitle...
IBM Lotus Domino iCalendar - MAILTO Buffer Overflow (Metasploit)
$Id: dominoicalendarorganizer.rb 12236 2011-04-04 17:43:34Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
[SECURITY] [DSA-2156-1] pcscd security update
------------------------------------------------------------------------ Debian Security Advisory DSA-2156-1 [email protected] http://www.debian.org/security/ Steve Kemp January 31, 2011 http://www.debian.org/security/faq -...
DSA-2156-1 pcsc-lite - buffer overflow
Bulletin has no description...
Flawed USB Sticks Can Be Used to Download Whatever Desired
UK security researchers MWR InfoSecurity have found a flaw in the driver software of USB sticks that could allow the technology to “interrogate” and download the complete content of any system. The company believes the use of such devices is only months away, and has shared its research with the...
Sagem Routers [email protected] Remote CSRF Exploit (dhcp hostname attack)
Exploit for hardware platform in category remote exploits ============================================================= Sagem Routers email protected Remote CSRF Exploit dhcp hostname attack ============================================================= !/usr/bin/env python OOO OOO OO OOO O O O O ...