619 matches found
Actiontec T2200H Remote Reverse Root Shell
Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but likely affecting other similar models of theirs Affected Firmware: T2200H-31.128L.03 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanual.pdf Reported: November 2015 Status:...
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...
Nagios XI Chained - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Chained Remote Code Execution', 'Description' = %q This module exploits an SQL injection, auth bypass, file upload, command injection, a...
CVE-2016-2204
The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input...
Schneider Electric SBO / AS - Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...
Schneider Electric SBO / AS - Multiple Vulnerabilities
Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About Schneider Electric’s corporate headquarters is located in...
Schneider Electric SBO AS - Multiple Vulnerabilities
Schneider Electric SBO AS - Multiple Vulnerabilities Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...
Exploit for CVE-2016-0728
CVE-2016-0728 testbed This repository contains a test program...
QEMU (Gentoo) - Local Privilege Escalation
/ == virtfshell == Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAPCHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This should...
QEMU (Gentoo) - Local Privilege Escalation
QEMU Gentoo - Local Privilege Escalation / == virtfshell == Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAPCHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist,...
Gentoo QEMU Local Privilege Escalation
/ == virtfshell == Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAPCHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This should...
Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers ASR 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be...
Dropbox FinderLoadBundle OS X Local Root Exploit
!/bin/bash Dropbox FinderLoadBundle OS X local root exploit by cenobyte 2015 - vulnerability description: The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory...
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
!/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0., 3.1., 3.3. Tested on: OS X Yosemite 10.10.5 CVE: N/A Dropb...
Dropbox 3.3.x - OSX FinderLoadBundle Local Root Exploit
The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary...
OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...
Ubuntu aeration local elevation of privilege vulnerability, CVE-2 0 1 5-1 3 2 8), The impact of multiple versions-vulnerability warning-the black bar safety net
Due to the particular case when the file is created the permissions check bug, the Ubuntu operating system exposure to local privilege escalation vulnerabilities affect Ubuntu 12.04 and 14.04, and 14.10, and 15.04 version. The current Ubuntu official has been fixed the vulnerability. The...
Fuse 2.9.3-15 - Local Privilege Escalation
Fuse 2.9.3-15 - Local Privilege Escalation Source: https://gist.github.com/taviso/ecb70eb12d461dd85cba Tweet: https://twitter.com/taviso/status/601370527437967360 Recommend Reading: http://seclists.org/oss-sec/2015/q2/520 YouTube: https://www.youtube.com/watch?v=V0i3uJJPJ88 Making a demo exploit...
Apport/Abrt (Ubuntu / Fedora) - Local Privilege Escalation
define GNUSOURCE include include include include include include include include include include include include include include warning this file must be compiled with -static // // Apport/Abrt Vulnerability Demo Exploit. // // Apport: CVE-2015-1318 // Abrt: CVE-2015-1862 // // --...
WeCenter SQL注射(ROOT SHELL)
简要描述: WeCenter SQL注射(ROOT SHELL) 详细说明: ajax.php: public function questionlistaction if $GET'featureid' if $topicids = $this-model'feature'-gettopicsbyfeatureid$GET'featureid' $GET'topicid' = implode',', $topicids; switch $GET'type' case 'best': $actionlist =...