PineApp Mail-Secure Command Execution

pineapp makes an anti-spam product, which can be downloaded for vmware, etc. the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but...

Verizon Wireless Network Extender multiple vulnerabilities

Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...

LG Android Backup Software Vulnerable to Root Exploit

A vulnerability in backup software installed on some LG Android smartphones could enable an attacker with access to the device to gain root privileges. Sprite Software’s AndroidBackup tool is installed by OEM on a number of LG Optimus, Mach, Lollipop, and Prada devices. The backup tool, in...

Seowonintech Devices - Remote Command Execution

!/usr/bin/perl + Seowonintech all device remote root exploit v2 ===================================================== author: | email: Todor Donev latin | todor dot donev Òîäîð Äîíåâ cyrillic | @googlemail.com ===================================================== type: | platform: | description:...

Linux kernel perf_swevent_init - Local root Exploit

Exploit for linux platform in category local exploits / CVE-2013-2094 exploit x8664 Linux include include include include include include include include include define BASE 0x380000000 define BASEJUMP 0x1780000000 define SIZE 0x10000000 define KSIZE 0x2000000 define TMPx 0xdeadbeef + x struct id...

Linux kernel perf_events local root exploit

No description provided by source. / Linux kernel perfevents local root exploit by wzt 2013 http://www.cloud-sec.org gcc -o perfexp perexp.c -O2 target: 2.6.37 - 3.x test on: rhel6.3/6.4 x8664 rhel6.3 + 3.2 kernel / include stdint.h include stdio.h include stdlib.h include string.h include unistd...

Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit

Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LDAUDIT libmemusage.so. !/bin/sh + Glibc /tmp/payload.c /dev/null echo "+ Filling the lib file with lib contents." cat /tmp/exploit /lib/sploit.so rm /tmp/payload.c /tmp/exploit echo "+ Executing payload.." LDAUDIT="sploit.so" ping...

Mageia release 2 (32bit) sock_diag_handlers Local root exploit

Exploit for linux platform in category local exploits / Exploit Title: Mageia release 2 32bit sockdiaghandlers Local root exploit Date: 22-03-2013 Exploit Author: email protected | @y3dips Vendor Homepage: http://www.mageia.org/en/ Software Link: http://www.mageia.org/en/downloads/ Version: Magei...

Ubuntu 12.10 64-Bit sock_diag_handlers Local Root Exploit

Local root exploit for Ubuntu 12.10 64bit that leverages the sockdiaghandlers vulnerability in Linux kernels before 3.7.10. include include include include include include include include include include include include include include typedef int attributeregparm3 commitcredsunsigned long cred;...

Qool CMS 2.0 RC2 Cross Site Request Forgery

Qool CMS v2.0 RC2 XSRF Add Root Exploit input type="hidden" name="...

rpi-update - Insecure Temporary File Handling Security Bypass

rpi-update - Insecure Temporary File Handling Security Bypass // source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks,...

rpi-update - Insecure Temporary File Handling / Security Bypass

// source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected...

DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up

A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

DefenseCode Security Advisory UPCOMING: Cisco Linksys Remote Preauth 0day Root Exploit Story behind the vulnerability... Months ago, we've contacted Cisco about a remote preauth root access vulnerability in default installation of their Linksys routers that we've discovered. We gave them detailed...

Samsung Pushes Exynos Flaw Fix on Galaxy Phones

Samsung has started to push software updates to some users of its Galaxy branded phones this week, fixing a flaw that was found affecting devices containing Exynos processors shortly before Christmas. The update addresses a root exploit developed by XDA Developers forum member Alephzain two and a...

Samsung Acknowledges Exynos Root Exploit

Samsung downplayed a root exploit vulnerability in some of its Exynos processors, and promised a patch for the flaw, according to a company statement acquired by AndroidCentral. The bug affects devices with Exynos 4210 and 4412 processors and was first made public by an XDA Developers forum membe...

Root Exploit in Devices with Samsung's Exynos Processors

An XDA Developers forum member operating under the handle alephzain has created an exploit that obtains root privileges and enables malicious application installation on the many Samsung devices that contain Exynos 4210 and 4412 processors. The list of devices that use the affected processors...

multiple critical vulnerabilities in sophos products

List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote...

Sophos Products - Multiple Vulnerabilities

List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote...

soapbox 0.3.1 - Local Privilege Escalation

soapbox 0.3.1 - Local Privilege Escalation ----------------------------------- soapbox 0.3.1 Description: "Soapbox allows to restrict processes to write only to those places you want. Read-access however is still based on file-permissions. By preloading the Soapbox library, you can run programs a...