792 matches found
NEC EXPRESS CLUSTER clpwebmc Remote Root Exploit
NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster configuration and management. The underlying webserver 'clpwebmc' runs as root and accepts connections on TCP port 29003 which can be initiated without authentication in the default installation. / 2017 update: as of 3.3.4...
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)
// A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // EDB Note: Also included the work from...
Barracuda Load Balancer Firmware 6.0.1.006 Remote Root
Exploit Title: Barracuda Load Balancer Firmware 'Barracuda Load Balancer Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-19 by exploiting a vulnerability in the web administration interface. By sending ...
Aerohive AP340 HiveOS Remote Code Execution / Local File Inclusion
!/usr/bin/python3 TARGET: AeroHive AP340 HiveOS $cmd"; die; ?" URL of the login page where we will inject our PHP command exec code so it poisons the log file posturl= "/login.php5?version=6.1r2" postfields = "loginauth" : "1", "miniHiveUI" : "1", "userName" : payloadinject, "password" : "1234"...
Aerohive HiveOS 5.1r5 6.1r5 - Remote Code Execution
Aerohive HiveOS 5.1r5 6.1r5 - Remote Code Execution !/usr/bin/python3 TARGET: AeroHive AP340 HiveOS $cmd"; die; ?" URL of the login page where we will inject our PHP command exec code so it poisons the log file posturl= "/login.php5?version=6.1r2" postfields = "loginauth" : "1", "miniHiveUI" :...
KDE kauth and kdelibs Logic Flaw Lets Local Users Obtain Root Privileges(CVE-2017-8422)
This document describes a generic root exploit against kde. The exploit is achieved by abusing a logic flaw within the KAuth framework which is present in kde4 org.kde.auth and kde5 org.kde.kf5auth. It is possible to spoof what KAuth calls callerID's which are indeed D-Bus unique names of the...
openSUSE: Security Advisory for smb4k (openSUSE-SU-2017:1343-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : smb4k (openSUSE-2017-595)
This update for smb4k fixes the following issues : - Disabled dbus service and polkit rules, because this version of smb4k has a local root exploit issue boo1036245, CVE-2017-8849. Automatic mounting will no longer be possible to work around this security issue. %NASLMINLEVEL 70300 C Tenable...
Security update for smb4k (important)
This update for smb4k fixes the following issues: - Disabled dbus service and polkit rules, because this version of smb4k has a local root exploit issue boo1036245, CVE-2017-8849. Automatic mounting will no longer be possible to work around this security issue...
GNS3 Mac OS-X 1.5.2 - ubridge Local Privilege Escalation
GNS3 Mac OS-X 1.5.2 - ubridge Local Privilege Escalation !/bin/sh GNS-3 Mac OS-X LPE local root exploit ===================================== GNS-3 on OS-X bundles the "ubridge" binary as a setuid root file. This file can be used to read arbitary files using "-f" arguement but also as it runs as...
Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation
// A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Usage: // $ gcc poc.c -o pwn // $ ./pwn // . namespace sandbox setup...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free Privilege Escalation // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. //...
GNU Screen 4.5.0 - Local Privilege Escalation
!/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+ First, we create our shell and library..." ca...
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Root Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that...
How to use Rowhammer vulnerability Root Android phone with Video demo+Exploit source code-the vulnerabilities and early warning-the black bar safety net
! Recently, security research experts through research found a root the Android phone to the new method, i.e., by Rowhammer vulnerability to root Android phone. In addition, the attacker can even use this exploit with presently known Android vulnerabilities Bandroid and Stagefright to the target...
FreePBX Remote Command Execution
Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insuffecient sanitization of the user input fields language,destination and also due to the lack of good authentication checking Technical details Vulnerable file :...
NUUO NVRmini 2 3.0.8 - Remote Code Execution
NUUO NVRmini 2 3.0.8 - Remote Code Execution !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with...
NUUO NVRmini 2 3.0.8 - Remote Root Exploit
Exploit for php platform in category web applications !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy,...
NUUO Remote Root Exploit
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Web Application Firewall 'Barracuda Web Application Firewall %q This module exploits a remote command execution vulnerability in the Barracuda Web Application Firweall firmwar...