619 matches found
DblTekGoIPPwn - Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, execute remote commands botnet style, and generate responses to challenges
Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host. The Vulnerability On March 2nd, 2017, Trustwave...
DBLTek GoIP 'dbladm' User Unauthorized Access Vulnerability
DBL Technology is a communication equipment manufacturer located in Shenzhen, China. Its main products include GSM voice gateway, IP telephony gateway, enterprise softswitch, etc., which are mostly used by telephony companies and VoIP service providers. An unauthorized access vulnerability exists...
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation
=== Overview === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === Detailed description === In my research about update mechanism of open-source...
Telstra 4Gx Portable Router Persistent Root Shell Vulnerability
Exploit for hardware platform in category web applications Majority of this info was found from the 4dpa.ru forum but works well on Telstra Mobile routers. Telstra has been contacted and do not see it as a security issue so have fun messing with your 4g routers, not much of a security issue but i...
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities a...
Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities are nearly identical, and exploitation can be done exactly the...
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled config option UsePrivilegeSeparation=no. While privilege separation is enabled by default, it is documented as a hardening option, and therefore disabling it shoul...
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation
#!/usr/bin/sh CVE-2016-8972/bellmailroot.sh: IBM AIX Bellmail local root Affected versions: AIX 6.1, 7.1, 7.2 VIOS 2.2.x Fileset Lower Level Upper Level KEY --------------------------------------------------------- bos.net.tcp.client 6.1.9.0 6.1.9.200 keywfs bos.net.tcp.client 7.1.3.0 7.1.3.47...
Vesta Control Panel 0.9.8-16 Local Privilege Escalation
#!/bin/bash Exploit Title: Vesta Control Panel 0.9.7 suid.c PWN Make PWN shell scrip...
Debian DLA-713-1 : sniffit security update
It was discovered that there was a buffer overflow in the packet sniffer and monitoring tool 'sniffit' which allowed a specially crafted configuration file to provide a root shell. For Debian 7 'Wheezy', this issue has been fixed in sniffit version 0.3.7.beta-16.1+deb7u1. We recommend that you...
DLA-713-1 sniffit - security update
Bulletin has no description...
CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate
Document Title: =============== CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2014 Video: https://www.youtube.com/watch?v=81Qam91pRoE Credits:...
Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems
A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate...
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation Exploit
Exploit for linux platform in category local exploits #!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known...
FreePBX 10.13.66 Remote Command Execution / Privilege Escalation
#!/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 Tested on |...
FreePBX 10.13.66 Remote Command Execution / Privilege Escalation Exploit
Exploit for php platform in category remote exploits #!/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta...
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID Method) / EDB-Note: After getting a shell, doing "echo 0 > /proc/sys/vm/dirty_writeback_centisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot...
FreePBX 13 - Remote Command Execution / Privilege Escalation
#!/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 Tested on |...
Leftover Factory Debugger Doubles as Android Backdoor
A leftover factory debugger in Android firmware made by Taiwanese electronics manufacturer Foxconn can be flipped into a backdoor by an attacker with physical access to a device. The situation is a dream for law enforcement or a forensics outfit wishing to gain root access to a targeted device...