Lucene search

66 matches found

SUSE CVE
added 2023/02/15 4:59 a.m. · 1 view

SUSE CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory...

CVSS 7.8 · AI score 8.8 · EPSS 0.00245
Exploits: 1 · References: 24
Github Security Blog
added 2022/05/24 5:30 p.m. · 19 views

CSRF vulnerability in Jenkins Shared Objects Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

CVSS 4.3 · AI score 5 · EPSS 0.00528
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/05/24 5:30 p.m. · 15 views

GHSA-2V9X-GPQ4-8GG2 CSRF vulnerability in Jenkins Shared Objects Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

CVSS 4.3 · AI score 4.5 · EPSS 0.00528
Exploits: 0 · References: 4
Kitploit
added 2021/11/26 8:30 p.m. · 27 views

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries, powered by Radare2 and r2ghidra. It is specially developed for PWN challenges and has many automated features. It displays almost every detail of the ELF and also decompiles its ASM to C code using r2ghidra. Decompiling...

AI score 7.7
Exploits: 0 · References: 3
OSV
added 2021/10/22 2:15 p.m. · 1 view

CVE-2021-0652

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 7.2
Exploits: 0 · References: 1
Pen Test Partners Blog
added 2021/08/20 5:16 a.m. · 43 views

How to install Frida into an Android application

On a recent job I was testing a rather interesting piece of technology that had several server side checks but they wanted to add some additional security on the client side. Great!! One of these additional checks was to see if Frida was running on the device, this was proving a difficult nut to...

AI score 7.1
Exploits: 0
OSV
added 2020/10/08 1:15 p.m. · 3 views

CVE-2020-2296

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 2
NVD
added 2020/10/08 1:15 p.m. · 9 views

CVE-2020-2296

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

CVSS 4.3 · EPSS 0.00528
Exploits: 0 · References: 2
Prion
added 2020/10/08 1:15 p.m. · 10 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

CVSS 4.3 · AI score 4.6 · EPSS 0.00528
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/10/08 12:40 p.m. · 49 views

CVE-2020-2296

CVE-2020-2296 concerns Jenkins Shared Objects Plugin

CVSS 4.3 · AI score 4.6 · EPSS 0.00528
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/10/08 12:40 p.m. · 10 views

CVE-2020-2296

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects...

AI score 4.6 · EPSS 0.00528
Exploits: 0 · References: 2
Positive Technologies
added 2020/10/08 12:00 a.m. · 4 views

PT-2020-15526 · Jenkins · Jenkins Shared Objects Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Shared Objects Plugin versions 0.44 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to configure shared objects. This can be exploited by attackers to perform unauthorized actions. Recommendations: Fo...

CVSS 4.3 · AI score 4.5 · EPSS 0.00528
Exploits: 0 · References: 6
0day.today
added 2019/05/22 12:00 a.m. · 260 views

FreeBSD rtld execl() Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv function fails to remove LD environment variables if findenv fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. This module...

CVSS 7.2 · AI score 0.8 · EPSS 0.1817
Exploits: 5
Packet Storm
added 2019/05/22 12:00 a.m. · 55 views

FreeBSD rtld execl() Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD rtld execl Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the FreeBSD run-time link-editor rtld. The...

CVSS 7.2 · AI score 0.6 · EPSS 0.1817
Exploits: 5
ClickHouse
added 2018/08/13 12:00 a.m. · 8 views

CVE-2018-14671

unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team...

CVSS 9.8 · AI score 5.7 · EPSS 0.01165
Exploits: 0
Exploit DB
added 2018/02/12 12:00 a.m. · 40 views

glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

CVSS 6.9 · AI score 8.9 · EPSS 0.12375
Exploits: 20
0day.today
added 2018/02/10 12:00 a.m. · 141 views

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid...

CVSS 6.9 · AI score 7.6 · EPSS 0.12375
Exploits: 20
Packet Storm
added 2018/02/10 12:00 a.m. · 65 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation', 'Description' = %q...

CVSS 7.2 · AI score 6.7 · EPSS 0.12375
Exploits: 35
Packet Storm
added 2018/02/10 12:00 a.m. · 45 views

glibc '$ORIGIN' Expansion Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

CVSS 6.9 · AI score 6.7 · EPSS 0.12375
Exploits: 20
Metasploit
added 2018/01/28 5:11 a.m. · 114 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables...

CVSS 7.2 · AI score 7.4 · EPSS 0.12375
Exploits: 35