Showing 1 - 8 of 8

Files Date: 2019-12-27

OpenBSD Dynamic Loader chpass Privilege Escalation: Posted Dec 27, 2019; Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com; This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).; tags | exploit, code execution; systems | openbsd; advisories | CVE-2019-19726; SHA-256 | 3e6540f0f1a2e09ac135f635d113e22b32dffae061cff0c1ae9ba68f036aa0a2; Download | Favorite | View

AVE DOMINAplus 1.10.x Credential Disclosure: Posted Dec 27, 2019; Authored by LiquidWorm | Site zeroscience.mk; AVE DOMINAplus versions 1.10.x and below suffer from a credential disclosure vulnerability.; tags | exploit; SHA-256 | fb23f97bb7a796b24603f52ab2b6237866cb0d5e5d1fcbe46e9cb2975bf4d6cd; Download | Favorite | View

AVE DOMINAplus 1.10.x Authentication Bypass: Posted Dec 27, 2019; Authored by LiquidWorm | Site zeroscience.mk; AVE DOMINAplus versions 1.10.x and below suffer from an authentication bypass vulnerability.; tags | exploit, bypass; SHA-256 | f4c090245182d4f6d5c066262ce9a85e46956fbae937da321ffabb01e83bb924; Download | Favorite | View

AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot: Posted Dec 27, 2019; Authored by LiquidWorm | Site zeroscience.mk; AVE DOMINAplus versions 1.10.x and below suffer from an unauthenticated remote reboot vulnerability.; tags | exploit, remote; SHA-256 | a9ed27231fe14524b9a83ea6aec6bd283fc0d8952d4f7d92cb016a614a545fbf; Download | Favorite | View

AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting: Posted Dec 27, 2019; Authored by LiquidWorm | Site zeroscience.mk; AVE DOMINAplus versions 1.10.x and below suffer from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | 6dbdb199228eb07a4d22d2601beb616d58332dc982ea7ad25070d0a60cc50f85; Download | Favorite | View

Debian Security Advisory 4593-1: Posted Dec 27, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4593-1 - It was found that freeimage, a graphics library, was affected by the heap buffer overflow and stack exhaustion vulnerabilities.; tags | advisory, overflow, vulnerability; systems | linux, debian; advisories | CVE-2019-12211, CVE-2019-12213; SHA-256 | 4ebdd4858626576870687736dfb6bbf6dc59bf2ac9dcf517ef5a2dd786183e7b; Download | Favorite | View

Debian Security Advisory 4592-1: Posted Dec 27, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4592-1 - It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could by bypassed.; tags | advisory; systems | linux, debian; advisories | CVE-2019-19709; SHA-256 | bb20c7cf79bcabae820f69665eb8d16f0f0eb6ff267718a901d2578df8890394; Download | Favorite | View

Microsoft Exchange Server External Service Interaction: Posted Dec 27, 2019; Authored by Alphan Yavas; Microsoft Exchange Server 2013 CU22 and previous versions suffer from an external service interaction issue.; tags | exploit; SHA-256 | 97ae1cdfb14b6b4713dcecd41c04b196d03d7a204cae20790fa60f8db0e26eaa; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days