Optergy BMS 2.0.3a Remote Root

!/usr/bin/env python Unauthenticated Remote Root Exploit in Optergy BMS Console Backdoor Affected version \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 = requests.getchallengeurl getchallenge = json.loadsreq1.text challenge =...

FlexAir Access Control 2.3.38 Remote Root

!/usr/bin/env python Authenticated Remote Root Exploit for Prima FlexAir Access Control 2.3.38 via Command Injection in SetNTPServer request, Server parameter. CVE: CVE-2019-7670 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

Prima FlexAir Access Control 2.3.38 - Remote Code Execution

Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link:...

Linux Polkit pkexec helper PTRACE_TRACEME local root exploit

This module exploits an issue in ptracelink in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before...

Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-202-01)

New kernel packages are available for Slackware 14.2 to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-202-01. The text itself is copyright C Slackware Linux, Inc. include'compat.inc...

FaceSentry Access Control System 6.4.8 Remote Root

!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14...

CVE-2019-5244

Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361C636 versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process...

OPENSUSE-SU-2019:0009-1 Security update for singularity

This update for singularity to version 2.6.1 fixes the following issues: Security issues fixed: - CVE-2018-19295: Fixed a local root exploit, related to joining arbitrary mount namespaces boo1111411...

SUSE-SU-2019:13976-1 Security update for supportutils

This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script bsc1117751 - CVE-2018-19640: Users can kill arbitrary processes bsc1118463 - CVE-2018-19638: User can overwrite arbitrary...

ASAN/SUID - Local Privilege Escalation

!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...

ASANSUID - Local Privilege Escalation

ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...

openSUSE Security Update : singularity (openSUSE-2019-9)

This update for singularity to version 2.6.1 fixes the following issues : Security issues fixed : - CVE-2018-19295: Fixed a local root exploit, related to joining arbitrary mount namespaces boo1111411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

Deepin Linux 15 - lastore-daemon Local Privilege Escalation

Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...

MicroTik RouterOS < 6.43rc3 - Remote Root Exploit

/ Exploit Title: RouterOS Remote Rooting Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By the Way is an...

Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation

/ Exploit Title: Solaris/OpenSolaris AVS kernel code execution Google Dork: if applicable Date: 24/7/2018 Exploit Author: mu-b Vendor Homepage: oracle.com Software Link: Version: Solaris 10, Solaris Sun Opensolaris include include include include include include include include include include...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 R...

DEBIAN-CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...

Proxifier for Mac 2.19 - Local Privilege Escalation

With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...

Sera 1.2 Local Root / Password Disclosure Exploit

Sera version 1.2 suffers from a password disclosure that can allow for root privilege escalation. Sera is a free app for mac and iOS that lets you unlock your mac automatically when your iphone is within a configured proximity. Unfortunately to facilitate this it stores the users login password i...

FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution

!/bin/bash FLIR Systems FLIR Thermal Camera PT-Series PT-334 200562 Remote Root Exploit Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.3.4 GA, 1.3.3 GA and 1.3.2 Summary: FLIR's PT-Series of...