what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,620 RSS Feed

Root Files

Openmediavault Remote Code Execution / Local Privilege Escalation
Posted May 9, 2024
Authored by Mert BENADAM

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.

tags | exploit, web, shell, root
SHA-256 | f54e108c3e072e69c000f9759d386e86aae92493e17fbe4348a5bdd7b5278328
Gentoo Linux Security Advisory 202405-28
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2023-25515, CVE-2023-25516, CVE-2023-31022
SHA-256 | 4d1b35515c6ffab8d4f949193b102ed87d31b8db5b0343e6731e457ac07224aa
Ray OS 2.6.3 Command Injection
Posted Apr 12, 2024
Authored by Fire_Wolf

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.

tags | exploit, arbitrary, shell, root
advisories | CVE-2023-6019
SHA-256 | 71d55c6a52e12ee9261d11d52085671ffd68404f5deb15af6740a69e8a217fba
Circontrol Raption Buffer Overflow / Command Injection
Posted Mar 28, 2024
Authored by Dariusz Gonda, Abert Spruyt, Alex Salvetti

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.

tags | exploit, web, overflow, root
advisories | CVE-2020-8006, CVE-2020-8007
SHA-256 | 2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
Hunting Down The HVCI Bug In UEFI
Posted Mar 14, 2024
Authored by Satoshi TANDA, Andrea Allievi | Site tandasat.github.io

This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.

tags | advisory, arbitrary, kernel, root, code execution
systems | windows
advisories | CVE-2024-21305
SHA-256 | 9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355b
Artica Proxy 4.50 Loopback Service Disclosure
Posted Mar 6, 2024
Authored by Jim Becher, Jaggar Henry | Site korelogic.com

Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

tags | exploit, root, tcp
advisories | CVE-2024-2056
SHA-256 | 0693c2ce363baaef7b371443418fb29623edc052f8d82f02eea207672f271e4b
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
Posted Mar 6, 2024
Authored by Jim Becher | Site korelogic.com

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

tags | exploit, web, root
advisories | CVE-2024-2055
SHA-256 | 4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5
LaborOfficeFree 19.10 MySQL Root Password Calculator
Posted Feb 12, 2024
Authored by Peter Gabaldon | Site pgj11.com

LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10 exclusively, but allegedly, versions prior to 19.10 are also vulnerable.

tags | exploit, root
advisories | CVE-2024-1346
SHA-256 | 502b91c78328e6802a45c0f60c137a3525f50e9237efcfdd31c3ae86aa049a38
runc 1.1.11 File Descriptor Leak Privilege Escalation
Posted Feb 5, 2024
Authored by h00die, Rory McNamara | Site metasploit.com

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

tags | exploit, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2024-21626
SHA-256 | c42842f57bc20a342f98ba3468fd922f4034a579676faa1da23d0d71f03b5e91
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

tags | exploit, remote, web, root, code execution
SHA-256 | 46341d10fda6afba8c75a394bb4b32d1f7ec8fe113f6eab57560a1e8d79ab38a
Vinchin Backup And Recovery 7.2 Default Root Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.

tags | exploit, root
advisories | CVE-2024-22902
SHA-256 | 143e6238373ef81a5ff8ac20adcd938850570b964ce2524cbda8409d063c34f6
Gentoo Linux Security Advisory 202312-10
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-10 - A vulnerability has been found in Ceph which can lead to root privilege escalation. Versions greater than or equal to 17.2.6 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2022-3650
SHA-256 | daf313bfa471e6c911b744215f7deaf8540dd85955b1584a4642d7487964ba48
Glibc Tunables Privilege Escalation
Posted Dec 21, 2023
Authored by Blasty, jheysel-r7, Qualys Threat Research Unit | Site metasploit.com

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This Metasploit module targets glibc packaged on Ubuntu and Debian. Fedora 37 and 38 and other distributions of linux also come packaged with versions of glibc vulnerable to CVE-2023-4911 however this module does not target them.

tags | exploit, overflow, local, root
systems | linux, debian, fedora, ubuntu
advisories | CVE-2023-4911
SHA-256 | e48ab23fe12076a6f076606de74abf4141a72444bfb88e5c9ea8bf73a3f2b891
Docker cgroups Container Escape
Posted Dec 7, 2023
Authored by h00die, Kevin Wang, T1erno, Yiqi Sun | Site metasploit.com

This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

tags | exploit, kernel, root
systems | linux
advisories | CVE-2022-0492
SHA-256 | f89ca645e9a7ab68a61d054b319e54c6af9a4e97faf0cab7987d8a5f919f6c11
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution
Posted Nov 27, 2023
Authored by LiquidWorm | Site zeroscience.mk

The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.

tags | exploit, root
SHA-256 | 3449aff141402f4665fd423173623d011160d26c4468883c56ce200716f8753a
Gentoo Linux Security Advisory 202311-05
Posted Nov 25, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202311-5 - Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation. Versions greater than or equal to 6.15 are affected.

tags | advisory, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2022-27239, CVE-2022-29869
SHA-256 | 2df3a244ab0a653e6ab0651e00d597833f4a9040f9e8b554d3af1aa0e1eab561
Gentoo Linux Security Advisory 202311-07
Posted Nov 25, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202311-7 - A vulnerability has been found in AIDE which can lead to root privilege escalation. Versions greater than or equal to 0.17.4 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2021-45417
SHA-256 | 607a9cc94009113695795110e51fd3f99f4c844d2fac41b93831a6c0378d85a3
Gentoo Linux Security Advisory 202311-06
Posted Nov 25, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2022-41973, CVE-2022-41974
SHA-256 | 63195caeb1700e3984a26a911b340418b6255d4604193db4aa5e182c66a21b28
Cisco IOX XE Unauthenticated Remote Code Execution
Posted Nov 14, 2023
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the web UI exposed. An attacker can execute a payload with root privileges. The vulnerable IOS XE versions are 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, and 17.11.99SW.

tags | exploit, web, root
systems | cisco, ios
advisories | CVE-2023-20198, CVE-2023-20273
SHA-256 | be4a53963822186eefd3bca295bd3248275803476bbc0166365af13898f5fd55
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
Posted Nov 14, 2023
Authored by wvu, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.

tags | exploit, shell, root
systems | unix
advisories | CVE-2020-5902
SHA-256 | 9f3da84fe52bba475dcd0252ca14c6e0af76dd98df5d1edaaccc7c9a737db2bb
Ubuntu Security Notice USN-6458-1
Posted Oct 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6458-1 - It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user.

tags | advisory, arbitrary, root
systems | linux, unix, ubuntu
advisories | CVE-2022-29500, CVE-2022-29501, CVE-2022-29502
SHA-256 | fd8be9a6e4a0f304eeeaae3e16f54de466dd929852f00ffb10c2647f58340c01
VMWare Aria Operations For Networks SSH Private Key Exposure
Posted Oct 24, 2023
Authored by h00die, Harsh Jaiswal, Rahul Maini, SinSinology | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

tags | exploit, remote, root
advisories | CVE-2023-34039
SHA-256 | 64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562
Gentoo Linux Security Advisory 202310-08
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-8 - A root privilege escalation through setuid executable and cron job has been discovered in man-db. Versions greater than or equal to 2.8.5 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2018-25078
SHA-256 | e4aabe866e1c6ec648f354ecbe47520ee91be112fc27b1f17b9e4e613a3bc3ab
Gentoo Linux Security Advisory 202310-02
Posted Oct 3, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-2 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056, CVE-2021-1076, CVE-2021-1077, CVE-2021-1090, CVE-2021-1093, CVE-2021-1094, CVE-2021-1095, CVE-2022-21813, CVE-2022-21814, CVE-2022-28181, CVE-2022-28183, CVE-2022-28184
SHA-256 | e1c6f338635adcbb35a166273024df96da7e5ca947db3cceedbfe4f89dc0a07d
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
Page 1 of 145
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close