Netfilter nft_set_elem_init Heap Overflow Privilege Escalation Exploit

An issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain...

Netfilter nft_set_elem_init Heap Overflow Privilege Escalation

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nftseteleminit Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...

Exploit for Type Confusion in Linux Linux_Kernel

CVE-2022-34918 LPE PoC LPE exploit for CVE-2022-34918. This e...

Geutebruck instantrec Remote Command Execution

This module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions == 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5...

Geutebruck instantrec Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck instantrec Remote Command Execution', 'Description' = %q This module exploits a buffer overflow within the 'action' parameter of the...

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages...

Geutebruck testaction.cgi Remote Command Execution Exploit

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 'Geutebruck...

Digium Asterisk GUI

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digium Equipment: Asterisk GUI Vulnerability: Improper Neutralization of Special Elements used in an OS Command AFFECTED PRODUCTS The following versions of Asterisk GUI, a framework for configuring graphical user...