exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed


Qualys Security Advisory - Qmail Remote Code Execution
Posted May 21, 2020
Authored by Alexander Peslyak, Qualys Security Advisory, Stephane Bellenger, Jean-Paul Michel, Julien Barthelemy, Andrew Richards

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.

tags | exploit, vulnerability
advisories | CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
SHA-256 | b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906

Related Files

glibc syslog() Heap-Based Buffer Overflow
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

tags | exploit, advisory, overflow
advisories | CVE-2023-6246
SHA-256 | 848273d3a06e2a275e111a84edea6cdd3e2e29de8b47a4efd45b2d0d9c53c768
undefinedglibc qsort() Out-Of-Bounds Read / Writeundefined
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc 1.04) to the current release (glibc 2.38) are affected, but the glibc's developers have independently discovered and patched this memory corruption in the master branch.

tags | exploit, advisory
advisories | CVE-2023-6246
SHA-256 | f022f88e03996ad79c15bbc5396c143469581fda50195569cb1d3981ecc6fad8
glibc ld.so Local Privilege Escalation
Posted Oct 6, 2023
Authored by Qualys Security Advisory

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c.

tags | exploit, overflow
advisories | CVE-2023-4911
SHA-256 | b12ee8e52aaf3d3287a35bb3ed77d6ea42f79734e21c6428997ffd1749823961
OpenSSH Forwarded SSH-Agent Remote Code Execution
Posted Jul 20, 2023
Authored by Qualys Security Advisory

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

tags | exploit, remote, code execution
advisories | CVE-2023-38408
SHA-256 | e93ab81da334d2b2c5f8f662d87f396041e5e366d8b286e3907b5cb137de0e8e
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
Posted Jun 8, 2023
Authored by Qualys Security Advisory

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2023-33863, CVE-2023-33864, CVE-2023-33865
SHA-256 | cc497579b678adb0532eece7bf7f32783a2ff614acf426c5981789ff6293796c
snap-confine must_mkdir_and_open_with_perms() Race Condition
Posted Dec 9, 2022
Authored by Qualys Security Advisory

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

tags | exploit, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-44731, CVE-2022-3328, CVE-2022-41973, CVE-2022-41974
SHA-256 | ae9802d4db6010e09c5ca96ad72cd8f9bb70aff4d7af8a1ec00cebd3203d1f95
Leeloo Multipath Authorization Bypass / Symlink Attack
Posted Oct 31, 2022
Authored by Qualys Security Advisory

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

tags | exploit, vulnerability
advisories | CVE-2022-41973, CVE-2022-41974
SHA-256 | 9fd49ad2d42596cc152f6771bcdd491b37e2986a01a0b0cdb2f997469ee1fdec
Sudo Heap-Based Buffer Overflow
Posted Jan 27, 2021
Authored by Qualys Security Advisory

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

tags | exploit, overflow
advisories | CVE-2021-3156
SHA-256 | 49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319f
OpenSMTPD Out-Of-Bounds Read
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.

tags | exploit, arbitrary, shell
systems | openbsd
advisories | CVE-2020-8794
SHA-256 | 2c58b82819510289b2fd55d1c6a82b81b279777abd6a6b0db391f990ec12b148
OpenSMTPD Local Information Disclosure
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

tags | exploit, arbitrary, local, root, proof of concept
systems | openbsd
advisories | CVE-2020-8793
SHA-256 | 3617b8854e485e1d063e08764e96429e54c6b7bb0467d127e819133f80c925d5
Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
Posted Dec 5, 2019
Site qualys.com

Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.

tags | exploit, local, vulnerability
systems | openbsd
advisories | CVE-2019-19519, CVE-2019-19520, CVE-2019-19521, CVE-2019-19522
SHA-256 | f17dd04f6e2715e22520176b0b9b59af9523bd1f17067f5a5814eb8675c0497d
Exim 4.9.1 Remote Command Execution
Posted Jun 6, 2019
Authored by Qualys Security Advisory

Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.

tags | advisory, remote
advisories | CVE-2019-10149
SHA-256 | ccf81b809451dabd0ae35b330095955b9998319116314052fc75a06a7dd5e3e8
Linux create_elf_tables() Integer Overflow
Posted Sep 26, 2018
Authored by Qualys Security Advisory

Linux suffers from an integer overflow vulnerability in create_elf_tables(). Multiple exploits provided.

tags | exploit, overflow
systems | linux
advisories | CVE-2018-14634
SHA-256 | 96f76be0c1dab33a40b6145fd293ceab661f631350fcf639a1e4bdb1faedbb92
Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow
Posted Dec 13, 2017
Authored by Qualys Security Advisory

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

tags | exploit, overflow, memory leak
advisories | CVE-2017-1000408, CVE-2017-1000409
SHA-256 | ab2ee457cd217c4af1e191968f48de6c5ef96258d1fcf05193b1e417d462e8ef
Linux Local Privilege Escalation
Posted Sep 28, 2017
Authored by Qualys Security Advisory

A Linux PIE/stack corruption vulnerability exists. Most notably, all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.

tags | advisory
systems | linux, redhat, centos
advisories | CVE-2017-1000253
SHA-256 | e629fc1437f3afd0ad4608b004f8c31a78825d7d031176a742308b19fc02b46d
Sudo get_process_ttyname() Race Condition
Posted Jun 2, 2017
Site qualys.com

Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.

tags | exploit, root
systems | linux
advisories | CVE-2017-1000367
SHA-256 | fedac891bbdaf97f55757b635d5ae075843da48925d762d5149a49ade19918cd
Qualys Security Advisory - OpenSSH Overflow / Leak
Posted Jan 15, 2016
Authored by Qualys Security Advisory

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow (heap-based).

tags | advisory, overflow, vulnerability
advisories | CVE-2016-0777, CVE-2016-0778
SHA-256 | 6d98389560de3c7942fe87c17e680b28f2ad90ec6c5d8f9a0f59e153dff5d23e
Qualys Security Advisory - LibreSSL Leak / Overflow
Posted Oct 18, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in LibreSSL. These include a memory leak and a buffer overflow.

tags | advisory, overflow, vulnerability, memory leak
advisories | CVE-2015-5333, CVE-2015-5334
SHA-256 | b0de9f18c202a6ac93d7fb4c44048d40aa246b6dbb04fa3756ef345d6a3bb3ef
Qualys Security Advisory - OpenSMTPD Audit Report
Posted Oct 4, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in OpenSMTPD. These include, but are not limited to, denial of service, buffer overflow, hardlink attack and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | a0a4071e027cd0032bb15321814e2500f5dbd461a8b3356d921e787243fd6c28
Qualys Security Advisory - userhelper / libuser
Posted Jul 23, 2015
Authored by Qualys Security Advisory

The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.

tags | exploit, local, root, vulnerability, proof of concept
systems | linux, redhat
advisories | CVE-2015-3245, CVE-2015-3246
SHA-256 | 8ca265d19600f642e0b8538ca2edb894bbc57f28b26136e6f5ea36ae5e348827
Posted Dec 6, 2002
Authored by deadbeat

Apache 1.3.xx / Tomcat server with mod_jk remote denial of service exploit which uses chunked encoding requests, as described in Qualys Security Advisory QSA-2002-12-04.

tags | remote, denial of service
SHA-256 | 26c922cb94695de52658f3b16ebbeebff4426b27d96a6b5ee0ee308e4f190146
Page 1 of 1

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By