
4723 matches found

CVE
added 2017/04/14 6:00 p.m. | 257 views

CVE-2016-7032

CVE-2016-7032 (sudo noexec bypass) A local attacker could exploit sudo_noexec.so in Sudo to bypass noexec restrictions by calling system() or popen. Affected software: sudo before 1.8.15 on Linux. Underlying issue: bypass of the sudo noexec restriction when an application uses system() or popen, ...

CVSS 7 | AI score 7 | EPSS 0.00337
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2017/04/14 6:00 p.m. | 33 views

CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...

CVSS 7 | AI score 7.4 | EPSS 0.00337
Exploits: 0

Packet Storm
added 2017/04/14 12:00 a.m. | 48 views

PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation

PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

AI score 0.5
Exploits: 0

CNVD
added 2017/04/06 12:00 a.m. | 2 views

Apple macOS Sierra sudo elevation of privilege vulnerability

Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers. sudo is a component of the operating system that allows users to execute commands in a secure manner with special privileges. An elevation of privilege vulnerability exists in the sudo component in Apple...

CVSS 8.8 | AI score 7.4 | EPSS 0.02235
Exploits: 0 | References: 1

Packet Storm
added 2017/04/03 12:00 a.m. | 82 views

BlueCoat CAS 1.3.7.1 Privilege Escalation

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...

AI score 0.6 | EPSS 0.10126
Exploits: 8

Exploit DB
added 2017/04/03 12:00 a.m. | 38 views

Bluecoat ASG 6.6/CAS 1.3 - Local Privilege Escalation (Metasploit)

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...

CVSS 9 | AI score 7.2 | EPSS 0.10126
Exploits: 8

OSV
added 2017/04/02 1:59 a.m. | 1 views

CVE-2017-2381

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server...

CVSS 8.8 | AI score 7.3 | EPSS 0.02235
Exploits: 0 | References: 3

Prion
added 2017/04/02 1:59 a.m. | 14 views

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server...

CVSS 6.5 | AI score 7.3 | EPSS 0.02235
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/04/02 1:59 a.m. | 18 views

CVE-2017-2381

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server...

CVSS 8.8 | AI score 7.5 | EPSS 0.02235
Exploits: 0 | References: 3

Cvelist
added 2017/04/02 1:36 a.m. | 19 views

CVE-2017-2381

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server...

AI score 8 | EPSS 0.02235
Exploits: 0 | References: 3

CVE
added 2017/04/02 1:36 a.m. | 62 views

CVE-2017-2381

Summary: CVE-2017-2381 affects macOS prior to 10.12.4, involving the sudo component. An access/privilege-elevation issue could allow remote authenticated users to gain privileges by exploiting membership in the admin group on a network directory server. Root cause: permission checking flaw in sud...

CVSS 8.8 | AI score 7.8 | EPSS 0.02235
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2017/03/31 12:00 a.m. | 85 views

Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

Binary data 700032.prm...

CVSS 9.8 | AI score 6.7 | EPSS 0.06296
Exploits: 28 | References: 64

Tenable Nessus
added 2017/03/31 12:00 a.m. | 142 views

macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution...

CVSS 10 | AI score 8.1 | EPSS 0.7907
Exploits: 43 | References: 131

OSV
added 2017/03/24 7:59 a.m. | 2 views

CVE-2017-5198

SolarWinds LEM aka SIEM before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh...

CVSS 8.8 | AI score 5.8 | EPSS 0.00884
Exploits: 0 | References: 2

Prion
added 2017/03/24 7:59 a.m. | 15 views

Design/Logic Flaw

SolarWinds LEM aka SIEM before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh...

CVSS 7.2 | AI score 8.2 | EPSS 0.00884
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/03/24 7:59 a.m. | 18 views

CVE-2017-5198

SolarWinds LEM aka SIEM before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh...

CVSS 8.8 | AI score 8.3 | EPSS 0.00884
Exploits: 0 | References: 2

Cvelist
added 2017/03/24 6:56 a.m. | 19 views

CVE-2017-5198

SolarWinds LEM aka SIEM before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh...

AI score 8.3 | EPSS 0.00884
Exploits: 0 | References: 2

CVE
added 2017/03/24 6:56 a.m. | 57 views

CVE-2017-5198

SolarWinds LEM (SIEM) prior to version 6.3.1 contains a misconfigured sudo setup that lets local attackers obtain root by editing /usr/local/contego/scripts/hostname.sh. This item is confirmed by multiple sources in the connected data. Affected product/version: SolarWinds LEM before 6.3.1. Root/P...

CVSS 8.8 | AI score 8.2 | EPSS 0.00884
Exploits: 0 | References: 2 | Affected Software: 1

Kitploit
added 2017/03/08 2:30 p.m. | 44 views

Umbrella - A Phishing Dropper designed to Pentest

Umbrella is a file dropper dedicated to pentest; it downloads files to the target system and executes them without a double execution of exe, only of embed. To compromise the same target again, you need to delete this folder on the target system: C:\Users\Public\Libraries\Intel, because the dropper checks th...

AI score 7.5
Exploits: 0 | References: 1

exploitpack
added 2017/02/22 12:00 a.m. | 32 views

Teradici Management Console 2.2.0 - Privilege Escalation

Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...

AI score 0.9
Exploits: 0