13 matches found
RHEL 6 : python-pygments (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager._get_nix_font_path CVE-2015-8557 Note that Nessus has not tested for th...
RHEL 6 : libsoup (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsoup: Crash in soupcookiejar.c:getcookies on empty hostnames CVE-2018-12910 Note that Nessus has not tested for...
RHEL 5 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - aspell: stack-based buffer over-read in acommon::unescape in common/getdata.cpp CVE-2019-17544 Note that Nessus has...
shadowbroker
This repository, ximakou9/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, as well as a file listing of the contents of the repository...
libsndfile -- out-of-bounds read memory access
RedHat reports: It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wav_write_header function in wav.c. A local attacker may use this flaw to make the application crash...
Knox Arkeia Pro 5.1.12 Backup Remote Root Exploit
No description provided by source. / Knox Arkiea arkiead local/remote root exploit. Portbind 5074 shellcode Tested on Redhat 8.0, Redhat 7.2, but all versions are presumed vulnerable. NULLs out least significant byte of EBP to pull EIP out of overflow buffer. A previous request forces a large...
Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution
/ Knox Arkiea arkiead local/remote root exploit. Portbind 5074 shellcode Tested on Redhat 8.0, Redhat 7.2, but all versions are presumed vulnerable. NULLs out least significant byte of EBP to pull EIP out of overflow buffer. A previous request forces a large allocation of NOP's + shellcode in hea...
kon2 exploit!!
I look kon2 source and -Console arg is the problem, so here go the PoC. ----cut here-------- !/usr/bin/perl Priv8security.com kon2 version 0.3.9b-16 and local root exploit. Tested on Redhat 8.0. should work on 9.0 and 7.3 Bug happens on -Coding arg. Based on Redhat Advisory. wsxz@localhost buffer...
expect to get hacked
====================== expect to get hacked ====================== After looking at a recent discussion on vuln-dev, I decided that this might as well be released again. Makes the process of exploiting expect a little rpm -qf which expect expect-5.31-46 Under Redhat 7.0 expect uses the wrong path...
LPRng 3.6.x - Failure To Drop Supplementary Groups
LPRng 3.6.x - Failure To Drop Supplementary Groups / source: https://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementa...
sperl 5.00503 (and newer ;) exploit
Not much to say except I feel little bit stupid posting it ... This exploit gives instant root, at least on RedHat 6.x/7.0 Linux boxes I have available for tests... And for sure, all other systems are vulnerable as well - it's just maybe this code will need some refining / tuning / minor changes...
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (2)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (2) / source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability A buffer overflow exis...
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (1)
/ source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability A buffer overflow exists in the implementation of the 'man' program shipped with RedHat Linux, and other Linux...