2272 matches found
LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks
LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...
SMBLoris Denial Of Service
There's a lot of talk about SMBLoris but nobody seems to have written a public efficient PoC yet, so I gave it a shot. A single instance takes down a fully patched Windows 10 Pro box with 8GiB of RAM in less than 10 seconds. I tried using Scapy initially, but it's dog slow, so I went with C. The...
Tenshi Elevation of Privilege Vulnerability
Tenshi is a log monitoring tool with the ability to view one or more logs. A security vulnerability exists in Tenshi version 0.15. A local attacker can exploit the vulnerability to terminate arbitrary processes...
Tinyproxy main.c File Denial of Service Vulnerability
Tinyproxy is a small HTTP proxy program available for Windows, Linux and Unix systems. A security vulnerability exists in the main.c file in Tinyproxy 1.8.4 and earlier versions. A local attacker can exploit this vulnerability to terminate arbitrary processes...
openssh: Leak of host private key material to privilege-separated child process via realloc()
It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...
How Google Shrank The Android Attack Surface
LAS VEGAS—For Nick Kralevich, head of Android platform security at Google, there is no better barometer for success than finding out the market value for vulnerabilities on the OS he works to protect are among the highest paid for mobile. During a Black Hat session on hardening Android, Kralevich...
Tinyproxy < 1.10.0 DoS Vulnerability
Tinyproxy is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:banu:tinyproxy"; if...
Command injection
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
DEBIAN-CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
CVE-2017-11746
CVE-2017-11746 affects Tenshi 0.15. The issue: tenshi.pid is created after dropping privileges to a non-root account, permitting a local attacker to kill arbitrary processes by modifying tenshi.pid before a root script issues a kill command. Impact: local privilege/escalation and process terminat...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
Schneider Electric PowerSCADA Anywhere/Citect Anywhere Command Separator Improperity Vulnerability
PowerSCADA Anywhere is SCADA and power monitoring software.Citect is industrial automation operation and monitoring software. An improper command separator vulnerability exists in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere version 1.0. An attacker in close network proximity...
Citrix SCOM MP for StoreFront causes high memory utilization on Windows Server 2008 R2
Citrix SCOM MP for StoreFront causes high memory usage as well as can spawn many cscript.exe and conhost.exe processes...
pyrasite - Inject code into running Python processes
Tools for injecting arbitrary code into running Python processes. Requirements gdb version 7.3+ or RHEL5+ On OS X you will need to have a codesigned gdb - see https://sourceware.org/gdb/wiki/BuildingOnDarwin if you get errors while running with --verbose which mention codesigning. Compatiblity...
Microsoft Edge browser vulnerability, which allows a hacker to gain access to processes in privileged context
The vulnerability of Microsoft Edge relates to improper access to objects in memory. Exploiting this vulnerability can allow a local attacker to gain control over processes from a privileged context...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of NVIDIA’s I2C HID driver for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...