This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload.
be7441cb5d0ca4f4495067990292385a52fbdd586a1d34cad46036dcc7576c4cSystemd 228 privilege escalation proof of concept exploit.
6b14fcec71f39cc0a4236c05609dc098d814a5a7ed06a586203099ee60d54d5eFedora 21 setroubleshootd local root proof of concept exploit.
11547b584c917b7adec234f03ba707e23f8dbd3a90635d158af5ff31b4a7e6b8This code demonstrates that any given docker image someone is asking you to run in your docker setup can access ANY file on your host, e.g. dumping hosts /etc/shadow or other sensitive info, compromising security of the host and any other docker VM's on it.
79a596f0ad35ccd46be65186db4b3f63701dd6939dde09f6ffd6c4df24a5afbepam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses net.reactivated.Fprint service to trigger finger swiping and registers DBUS signal inside the PAM authentication function. Then, when the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string; which however is expected to come from the legit net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd, nor inside dbus-glib which it is using, such signals can be spoofed by anyone.
d7d878eac758bfcc9a041d7672f578aa68bacf6ae2cbd54d692e6da69a937360ISC dhclient does not strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with with escalated privileges on the server to cause remote code execution on the client. Versions 3.0.x through 4.2.x are affected.
74c7470b833e5a628636a879d280edb69870985e9edf88bd5ec22165c18462faWhitepaper describing how ptrace() might be used to build a Control Flow Integrity system.
c116bf363fbe80ec31ebfc362d155528cd6c82b900bf111d6312056eee6b8fa1Whitepaper discussing how to generate runtime call graphs using certain GCC features.
4d10085768771f85a4a59ba1019a21073548bb46219ab3fc29520dcb7a124397x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains in depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures.
b0c251d6ab0e7d35b001203d842192143611eb73e2e95273a80273ed88afccbaSUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.
da2f9073a7f83965ed45ec7bb72412cb359a6d649f321acf0c0507490a7f2cc6SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.
634465bf9d0bf7d62e31bf17a6f6268ae520d0e80fc702c299ae1cadf2f0691floaded version 0.21 is an IPv4 load balancer for Linux. It requires netfilter and the QUEUE target enabled in the kernel.
289bf4facdf46653729a2bdb276ddbe1c97e51adb9d403a39f2cd8e30e4643c6guess-who version 0.44 is a password brute force utility for SSH2.
214fd24fdc31ce0ae27321085714876bb3c2d68ef8c3cd97400ae0dbb86f3d8aA flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive.
d9d18486c65a3043320836414cd4f678d6cbe01114532b8b8586392702e4e88bExecution Path Timing Analysis of Unix Daemons - White paper on how to determine if a username is valid remotely by timing remote responses of login programs. OpenSSH diff against v2.99p2 which determines if a username exists even on the newest versions of OpenSSH included.
d10799a160420e1d98d3d1d82b71b468d6f8cbe44e6d70f262dddffda7cb071cSuidperl v5.00503 and others tmp race local root exploit.
0cbc7a3b56529f76acc7c8ceebd4879b13b5f1e22f44319f11c7a07fcafd8c9dModprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x.
7fbdc5e8a76bd2dfcc6ee414e1ca54dbf13a22c9c260b4f09dc6008c2feaf6c9Local apache/PHP root exploit via libmm (apache-user -> root) temp race exploit. Spawns a root shell from the apache user.
1d5db464c8ba2e2fbf07162312ad2209781d2a9e0aa4407600ee8c2e6029a683Weaknesses in the CHAP protocol as used within PPP and PPTP. Allows authentication in PPTP networks without knowing valid login/password combinations. This authentication scheme is widely used at universities (WLAN networks). A link to a special pppd which is able to authenticate without valid /etc/ppp/chap-secrets is included.
a57abb2faae0727b81e1510955840c818aed9a508d24a18b84c7c47e18cd0da4Openssh-Reverse is a patched OpenSSH which goes in reverse, allowing outside users to connect to machines behind NAT firewalls. In reverse mode, sshd acts as a client and brings the connection to a modified ssh server.
c83bf07ed61053f6c369bd3bd2c8252548532e232e27ee4365928a0691d9ff64suidperlhack.pl is a Suidperl v5.00503 and below local root exploit which hsa been ported to perl to increase portability. Tested against BSD.
e05392bbc9c59fbd159d56c51c1520fd954fc0cc8df635afbc6e183a39b0fe92
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed