This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populate the proper environment variables. This exploit is architecture independent.
45168e34096e858ea0c2f1c2c12695c4121ec633a36c09aef6de9a8d95de3371
This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6d
This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter, which allows a malicious actor to load an arbitrary file path.
235cfaea63888533e4913051ad738896e2564cdbfb458391c3f2c2d2c0432e38
VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing an attacker to compromise media. This issue was patched in the March 2020 release.
659914d9efc7ff4458622d27c5cf28ce29be80b5ebb58157129b4c7297c0d139
Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.
124fca20874002626f2d8946acbd25924520c3250f40f9e33e051e1f1bc5a1bf
This is a brief whitepaper that discusses fuzzing the VIM editor.
b961ee5f08adf14aeb3683b15f97a4a747d4d428142b2f7ac487d4c97fc8d786
VIM version 8.2 suffers from a denial of service vulnerability.
a3c8101320cac1a692fc67929911f629814fff48f2fc8ab1066f6343826be239
This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.
078997b326852f40549231510ea278d6e98e39608b88703f2a45f6a9734b1d28
VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.
4c96c1b707150c62f170d081c709f5113fd68839f8775298501fd594a3ebb4d2
In libyal libfwsi versions prior to 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.
46e852d4c7c1971b5e6984b6483409bbb11e258031a5a6fb7803147f5c7a344d
Xpdf version 4.02 suffers from a null pointer dereference vulnerability.
714323324124447a3720e4acecefa4a5621bc11ef45ca9e104d7bc6b946bbddd
Supra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.
36d9b0b5cd1b087e4e8ad3e10950200b370a681e06ac888c6f0a7087cf752c68
Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.
d701e0872d46eff9fc856c8428a213430d7d1c726d700916ecbb1772e5e4f60e
This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.
39f19c1a165c51512a1ca99f92c17456b0d2f8470dbf6c008d92f912f1f1c01c
Apache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.
bc0a3e0163f2496ba695cd031c4936411fb61ecb6d3dd26b359fcdc291d07788
Evernote version 4.9 suffers from a path traversal that can allow for code execution.
b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805
GattLib version 0.2 suffers from a stack buffer overflow vulnerability.
abc54a3ecb91a2f0c11413922e317fa0853914846776f05005e2f5cdc2583758
aria2 version 1.33.1 suffers from a password disclosure vulnerability when logging URLs with secrets in them.
c9a89b510de5819685313fe5c01392487764e5029cdba9ab6aea6eed65444c6a
Poppler version 0.62.0-2ubuntu2.2 suffers from a null pointer dereference vulnerability.
eefc34085f4ae1117d3cf2f9e4ef43c05e5c4c134c9f2b2201329c21bec52935
libIEC61850 suffers from a buffer overflow vulnerability.
7f345c76433a18e2415c145a0b4a203c7bfde49a86b342505ad7abbea0fb0469
This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against Windows 7 x86, Windows 7 x64 and Windows Server 2008 R2 Standard x64.
79eca834aca76d7c9dcfa923affa9994710ca886d5626b9d0a2674dfb96f1d76
Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.
403d589cc6a5ea07271b82c1735eb2b83f8bd8d26b73314ba14ca09778438e33
This Metasploit module gathers phpMyAdmin credentials from a target linux machine.
5ff70db330dfb5a4f9e077101c4ac494e8ecbbd010bd2c1ee7d93939ca5de46d
An out-of-band resource load issue was discovered on Xiaomi MIWiFi Xiaomi_55DD version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
3009618569c7f9a4821f3bb06ab287272fdc30831703a02f10b8723b781740ae
Epiphany Web Browser version 3.28.1 suffers from a denial of service vulnerability.
1758cccd73bc21ff82407736bbffd17f7a0ef7a1313cd5c9281a9c53d20c7165