Showing 1 - 6 of 6

Files from 0a29406d9794e4f9b30b3c5d6702c708

First Active	2012-04-20
Last Active	2014-10-18

Linux PolicyKit Race Condition Privilege Escalation: Posted Oct 18, 2014; Authored by xi4oyu, 0a29406d9794e4f9b30b3c5d6702c708; A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to polkit-0.96-2.el6_0.1 and Ubuntu libpolkit-backend-1 prior to 0.96-2ubuntu1.1 (10.10) 0.96-2ubuntu0.1 (10.04 LTS) and 0.94-1ubuntu1.1 (9.10).; tags | exploit, arbitrary, local, root; systems | linux, ubuntu; advisories | CVE-2011-1485; SHA-256 | 44c67bccd61b94ba8480766e3dc865358c7d2a64baf47923660508bc28f920c4; Download | Favorite | View

NCCGroup EasyDA Credential Disclosure: Posted Apr 4, 2014; Authored by 0a29406d9794e4f9b30b3c5d6702c708; NCCGroup EasyDA suffers from a credential disclosure vulnerability due to misuse of /tmp.; tags | exploit; SHA-256 | 5b7ef0d48812b65b840f408b3ca2c5a9a046d447cc42215e356f33637313da7a; Download | Favorite | View

Metasploit pcap_log Local Privilege Escalation: Posted Oct 12, 2012; Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com; Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.; tags | exploit; SHA-256 | 4653de66b5cfae88c0edc2f5c0a58393f2d39227d368a5cfa35582ea4cadf8b7; Download | Favorite | View

Metasploit pcap_log Privlege Escalation: Posted Jul 17, 2012; Authored by 0a29406d9794e4f9b30b3c5d6702c708; Metasploit plugin 'pcap_log' is vulnerable to an arbitrary file overwrite bug which can further be leveraged to insert user-controlled data resulting in potential escalation of privileges. Metasploit module included.; tags | exploit, arbitrary; SHA-256 | a3608689ff5f6a56679189ea8149e0e805de1c706fb7d3fedff592abe11d622b; Download | Favorite | View

Nagios XI Cross Site Scripting: Posted Jun 14, 2012; Authored by 0a29406d9794e4f9b30b3c5d6702c708; Nagios XI versions prior to 2011R3.0 suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | ed44ced27d734522a50f9f7812924b931ced94c24e25b7da6c559b8342f5dc87; Download | Favorite | View

Adobe Flash Player ActionScript Launch Command Execution: Posted Apr 20, 2012; Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com; This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).; tags | exploit, shell; systems | linux; advisories | CVE-2008-5499, OSVDB-50796; SHA-256 | 93d7262043fea9cda6bcae5df8301841074b655ead8497ddc9cbc8fb6a8f410c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days