This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populate the proper environment variables. This exploit is architecture independent.
45168e34096e858ea0c2f1c2c12695c4121ec633a36c09aef6de9a8d95de3371This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6dThis Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
235cfaea63888533e4913051ad738896e2564cdbfb458391c3f2c2d2c0432e38VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing for an attacker to compromise media. This issue was patched in the March, 2020 release.
659914d9efc7ff4458622d27c5cf28ce29be80b5ebb58157129b4c7297c0d139Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.
124fca20874002626f2d8946acbd25924520c3250f40f9e33e051e1f1bc5a1bfThis is a brief whitepaper that discusses fuzzing the VIM editor.
b961ee5f08adf14aeb3683b15f97a4a747d4d428142b2f7ac487d4c97fc8d786VIM version 8.2 suffers from a denial of service vulnerability.
a3c8101320cac1a692fc67929911f629814fff48f2fc8ab1066f6343826be239This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.
078997b326852f40549231510ea278d6e98e39608b88703f2a45f6a9734b1d28VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.
4c96c1b707150c62f170d081c709f5113fd68839f8775298501fd594a3ebb4d2In libyal libfwsi versions prior to 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.
46e852d4c7c1971b5e6984b6483409bbb11e258031a5a6fb7803147f5c7a344dXpdf version 4.02 suffers from a null pointer dereference vulnerability.
714323324124447a3720e4acecefa4a5621bc11ef45ca9e104d7bc6b946bbdddSupra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.
36d9b0b5cd1b087e4e8ad3e10950200b370a681e06ac888c6f0a7087cf752c68Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.
d701e0872d46eff9fc856c8428a213430d7d1c726d700916ecbb1772e5e4f60eThis Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.
39f19c1a165c51512a1ca99f92c17456b0d2f8470dbf6c008d92f912f1f1c01cApache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.
bc0a3e0163f2496ba695cd031c4936411fb61ecb6d3dd26b359fcdc291d07788Evernote version 4.9 suffers from a path traversal that can allow for code execution.
b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805GattLib version 0.2 suffers from a stack buffer overflow vulnerability.
abc54a3ecb91a2f0c11413922e317fa0853914846776f05005e2f5cdc2583758aria2 version 1.33.1 suffers from a password disclosure vulnerability when logging URLs with secrets in them.
c9a89b510de5819685313fe5c01392487764e5029cdba9ab6aea6eed65444c6aPoppler version 0.62.0-2ubuntu2.2 suffers from a null pointer dereference vulnerability.
eefc34085f4ae1117d3cf2f9e4ef43c05e5c4c134c9f2b2201329c21bec52935libIEC61850 suffers from a buffer overflow vulnerability.
7f345c76433a18e2415c145a0b4a203c7bfde49a86b342505ad7abbea0fb0469This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
79eca834aca76d7c9dcfa923affa9994710ca886d5626b9d0a2674dfb96f1d76Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.
403d589cc6a5ea07271b82c1735eb2b83f8bd8d26b73314ba14ca09778438e33This Metasploit module gathers phpMyAdmin credentials from a target linux machine.
5ff70db330dfb5a4f9e077101c4ac494e8ecbbd010bd2c1ee7d93939ca5de46dAn out-of-band resource load issue was discovered on Xiaomi MIWiFi Xiaomi_55DD version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
3009618569c7f9a4821f3bb06ab287272fdc30831703a02f10b8723b781740aeEpiphany Web Browser version 3.28.1 suffers from a denial of service vulnerability.
1758cccd73bc21ff82407736bbffd17f7a0ef7a1313cd5c9281a9c53d20c7165
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed