trixbox (langChoice) - Local File Inclusion Exploit (connect-back) (2)

No description provided by source. !/usr/bin/perl -w Jean-Michel BESNARD [email protected] / LEXSI Audit 2008-07-09 This is an update of the previous exploit. We can now get a root shell, thanks to sudo. perl trixboxfiv2.pl 192.168.1.212 Please listen carefully as our menu option has changed...

Adobe Version Cue 1.0/1.0.1 - Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl Adobe Version Cue VCNativeOSX: local root exploit. by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as setuid root. the logfile is formated...

Symantec Web Gateway 5.0.3.18 LFI Remote ROOT RCE Exploit

No description provided by source. !/usr/bin/python ''' The original patch for the Symantec Web Gateway 5.0.2 LFI vulnerability removed the /tmp/networkScript file but left the entry in /etc/sudoers, allowing us to simply recreate the file and obtain a root shell using a different LFI...

Sudo 1.6.x Password Prompt Heap Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4593/info Sudo is a widely used Linux/Unix utility allow users to securely run commands as other users. Sudo is vulnerable to a heap overflow condition related to it's customizable password prompt feature. The nature of t...

Sudo 1.5/1.6 Heap Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2829/info Sudo superuser do is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. Sudo contains a locally exploitable buffer overrun vulnerability. The overrun conditi...

Sudo Perl 1.6.x Environment Variable Handling Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment...

Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit

No description provided by source. !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX = v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...

Accellion File Transfer Appliance MPIPE2 Command Execution

No description provided by source. $Id: accellionftampipe2.rb 11935 2011-03-11 17:37:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit

No description provided by source. Sudo local root escalation privilege vuln versions : sudo 1.6.8p10 by breno You need sudo access execution for some bash script Use csh shell to change SHELLOPTS env ie: %cat x.sh !/bin/bash -x echo Getting root!! % cat /etc/sudoers ... breno ALL=ALL...

Antologic Antolinux 1.0 Administrative Interface NDCR Parameter Remote Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/9495/info It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the...

Sudo 1.6.3 Unclean Environment Variable Root Program Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. Under some circumstances, sudo does not...

SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +--++ Authors joernchen joernchen phenoelit de Phenoelit Group http://www.phenoelit.de Affected Products sudo 1.8.0 - 1.8.3p1 http://sudo.ws Vendor communication 2012-01-24 Send vulnerability details to sud...

Sudo <= 1.6.9p18 - (Defaults setenv) Local Privilege Escalation Exploit

No description provided by source. !/bin/sh Sudo = 1.6.9p18 local r00t exploit by Kingcope/2008/www.com-winner.com Most lame exploit EVER! Needs a special configuration in the sudoers file: --- Defaults setenv so environ vars are preserved : --- May also need the current users password to be type...

MobileIron Virtual Smartphone Platform Privilege Escalation Exploit

No description provided by source. MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ======================================================================== The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven smartphone and tablet...

Sudo 1.6.8 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11204/info Sudo is reported prone to an information disclosure vulnerability. This vulnerability presents itself when sudo is called with the '-e' option, or the 'sudoedit' command is invoked. In certain circumstances,...

Mac OS X Sudo Password Bypass

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'shellwords' class Metasploit3...

Ubuntu: Security Advisory (USN-2255-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...