Files Date: 2018-10-15

Solaris RSH Stack Clash Privilege Escalation
Posted Oct 15, 2018
Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).

tags | exploit, shell, x86, root
systems | solaris
advisories | CVE-2017-1000364, CVE-2017-3629, CVE-2017-3630, CVE-2017-3631
SHA-256 | 1e59da07b25c5d7ed7f7081baca4d6ef68b592b7e64e01af24769ec5d101e1a3
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
SHA-256 | b7848eb5ba5b066385cfc47136ee23b2674b338816a3adc651d59703e3b561fc
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR Brickstream 3D+ sensor suffers from an unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.

tags | exploit, cgi
SHA-256 | 28f859be185735a935a473e099613589b8afccb4843208fedf69d3181dd9add9
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within their Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. An attacker could exploit this vulnerability by logging in using the default credentials for the web panel or to gain shell access.

tags | exploit, web, shell
systems | linux
SHA-256 | 0de614831d3b207ecfaf1e3fe077655b58680dacd90d072ca20b3ad2ade27b23
Ubuntu Security Notice USN-3790-1
Posted Oct 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2018-18074
SHA-256 | cecd819e00cb7f029c329aa4d01dc453ff04877404e627e6205f426776f09860
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via an absolute path.

tags | exploit, arbitrary, php
SHA-256 | 4910689d53033b4139e7b3d0f8b92bc214a9cc6782213c8e4ee94d74eae57221
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 RTSP Stream Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
SHA-256 | ae1464855d3b12a1fe0dc5269d50e29d905cd74a8815b4317e3f235a057d14ce
Advanced HRM 1.6 Remote Code Execution
Posted Oct 15, 2018
Authored by Renos Nikolaou

Advanced HRM version 1.6 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | c6434dd2487f17a65692c3993b984a8cdb1a398f8e971d4f5d2776e4ae15f4fc
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
Posted Oct 15, 2018
Authored by Siber Guvenlik Hizmetleri

Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, code execution, xss, file inclusion
systems | linux, centos
advisories | CVE-2018-18322, CVE-2018-18323, CVE-2018-18324
SHA-256 | da7448095beee0a9404501410a6c17d3b84e462f6e9fd8661ca126562704b03a
MaxOn ERP Software 8.x / 9.x SQL Injection
Posted Oct 15, 2018
Authored by Ihsan Sencan

MaxOn ERP Software versions 8.x and 9.x suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9a8c4b83c79fd18143d33ed59bfa6e2e0be39821a5c7deeea54eb7f75b0cb782
College Notes Management System 1.0 SQL Injection
Posted Oct 15, 2018
Authored by Ihsan Sencan

College Notes Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 62959e3f455f67dc5272a6746356ec06d0273eb1f626cf4acf5ca9f4acc043b3
Academic Timetable Final Build 7.0b Cross Site Request Forgery
Posted Oct 15, 2018
Authored by Ihsan Sencan

Academic Timetable Final Build version 7.0b suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 34b8f61b4e7dfe96554d1e8d6e164367cab8d23209530cdb120b6cfe8cce1d58
Academic Timetable Final Build 7.0a / 7.0b SQL Injection
Posted Oct 15, 2018
Authored by Ihsan Sencan

Academic Timetable Final Build versions 7.0a and 7.0b suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 82ef13a37a149c5961e80a26afb9a85e750a6e10accb788ad6036d531ef58d4a
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in the res.php and palette.php files. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, web, arbitrary, root, php, vulnerability, code execution
SHA-256 | 99f659cdf3c32886f1df88cb3b5df0af997dddb9fedfd50e3d11a4fe93ff269c
Ghostscript .loadfontloop Exposed System Operators
Posted Oct 15, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

tags | advisory
SHA-256 | f56f6e290aa802089d31f8990302cc11931c689380900d290b6f5d35582d007b