what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files from John Fitzpatrick

Email addressjohn.fitzpatrick at mwrinfosecurity.com
First Active2014-02-11
Last Active2018-03-16
IBM Spectrum LSF Privilege Escalation
Posted Mar 16, 2018
Authored by John Fitzpatrick

A vulnerability was identified within IBM Spectrum LSF which made it was possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled. Versions affected include 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, and 10.1.0.1.

tags | advisory, root
advisories | CVE-2017-1205
MD5 | fcb383acaf842a7a41c2f35acf051a84
DDN SFA Default SSH Keys
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.

tags | exploit
MD5 | 5687082f543efb79e12f33bdb69b4604
DDN SFA Privilege Escalation
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN SFA suffers from a privilege escalation vulnerability.

tags | advisory
MD5 | a6402c274b33e346c3b926e1c4dd258d
IBM GPFS / Spectrum Scale Command Injection
Posted Jun 8, 2016
Authored by John Fitzpatrick

IBM GPFS version 4.1.0.0 through 4.1.0.8 and 3.5.0.0 through 3.5.0.30 along with Spectrum Scale versions 4.2.0.0 through 4.2.0.2 and 4.1.1.0 through 4.1.1.6 suffer from a command injection vulnerability.

tags | advisory
advisories | CVE-2016-0392
MD5 | c73ca42d9718c27c79aacac694762658
SGI Tempo Database Exposure
Posted Dec 10, 2014
Authored by John Fitzpatrick

It is possible for users of ICE-X supercomputers to gain access to backups of system configuration databases.

tags | exploit, info disclosure
advisories | CVE-2014-7303
MD5 | b0145c7764f82782216a3e18a44720cc
SGI Tempo Database Password Disclosure
Posted Dec 10, 2014
Authored by John Fitzpatrick

SGI Tempo systems expose a database password in the world readable /etc/odapw file.

tags | exploit, info disclosure
advisories | CVE-2014-7301
MD5 | 8a8adb713bcf5b950553995957aedf04
SGI Tempo vx Setuid Privilege Escalation
Posted Dec 10, 2014
Authored by Luke Jennings, John Fitzpatrick, MWR Labs

/opt/sgi/sgimc/bin/vx, a setuid binary on SGI Tempo systems, allows for privilege escalation.

tags | exploit
advisories | CVE-2014-7302
MD5 | e101f84019925fb5ab6fb2b018ce509b
Moab Insecure Message Signing Authentication Bypass
Posted Sep 30, 2014
Authored by Luke Jennings, John Fitzpatrick

Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.

tags | exploit, bypass
advisories | CVE-2014-5376
MD5 | 2e16b32d63612f6f95c59d77b259644c
Moab User Impersonation
Posted Sep 30, 2014
Authored by John Fitzpatrick

Moab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability.

tags | exploit
advisories | CVE-2014-5375
MD5 | 99ccfde4a6ae090028b013791b0e6a8f
Moab Dynamic Configuration Authentication Bypass
Posted Sep 30, 2014
Authored by John Fitzpatrick

Moab versions prior to 7.2.9 and 8 suffer from a dynamic reconfiguration authentication bypass issue that allows for remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2014-5300
MD5 | f79a6145682714490c4cdccc40200b92
Torque 2.5.13 Buffer Overflow
Posted May 16, 2014
Authored by John Fitzpatrick

Torque versions 2.5.13 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2014-0749
MD5 | 5a9a4a9391a49136e452e75315175e01
Cray Aprun / Apinit Privilege Escalation
Posted Feb 11, 2014
Authored by Luke Jennings, John Fitzpatrick | Site mwrinfosecurity.com

Apinit and aprun are utilities used to schedule tasks on Cray supercomputers. Apinit runs as a service on compute nodes and aprun is used to communicate with these nodes. The apinit service does not safely validate messages supplied to it through the use of aprun. Users of Cray systems are able to exploit this weakness in order to execute commands on the compute nodes of a Cray supercomputer as arbitrary users, including root (UID 0).

tags | exploit, arbitrary, root
advisories | CVE-2014-0748
MD5 | 21d0b956caecbd9b1dd93392e55bf85b
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close