exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files

Qualys Security Advisory - LibreSSL Leak / Overflow
Posted Oct 18, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in LibreSSL. These include a memory leak and a buffer overflow.

tags | advisory, overflow, vulnerability, memory leak
advisories | CVE-2015-5333, CVE-2015-5334
SHA-256 | b0de9f18c202a6ac93d7fb4c44048d40aa246b6dbb04fa3756ef345d6a3bb3ef

Related Files

glibc syslog() Heap-Based Buffer Overflow
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

tags | exploit, advisory, overflow
advisories | CVE-2023-6246
SHA-256 | 848273d3a06e2a275e111a84edea6cdd3e2e29de8b47a4efd45b2d0d9c53c768
undefinedglibc qsort() Out-Of-Bounds Read / Writeundefined
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc 1.04) to the current release (glibc 2.38) are affected, but the glibc's developers have independently discovered and patched this memory corruption in the master branch.

tags | exploit, advisory
advisories | CVE-2023-6246
SHA-256 | f022f88e03996ad79c15bbc5396c143469581fda50195569cb1d3981ecc6fad8
glibc ld.so Local Privilege Escalation
Posted Oct 6, 2023
Authored by Qualys Security Advisory

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c.

tags | exploit, overflow
advisories | CVE-2023-4911
SHA-256 | b12ee8e52aaf3d3287a35bb3ed77d6ea42f79734e21c6428997ffd1749823961
OpenSSH Forwarded SSH-Agent Remote Code Execution
Posted Jul 20, 2023
Authored by Qualys Security Advisory

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

tags | exploit, remote, code execution
advisories | CVE-2023-38408
SHA-256 | e93ab81da334d2b2c5f8f662d87f396041e5e366d8b286e3907b5cb137de0e8e
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
Posted Jun 8, 2023
Authored by Qualys Security Advisory

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2023-33863, CVE-2023-33864, CVE-2023-33865
SHA-256 | cc497579b678adb0532eece7bf7f32783a2ff614acf426c5981789ff6293796c
snap-confine must_mkdir_and_open_with_perms() Race Condition
Posted Dec 9, 2022
Authored by Qualys Security Advisory

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

tags | exploit, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-44731, CVE-2022-3328, CVE-2022-41973, CVE-2022-41974
SHA-256 | ae9802d4db6010e09c5ca96ad72cd8f9bb70aff4d7af8a1ec00cebd3203d1f95
Leeloo Multipath Authorization Bypass / Symlink Attack
Posted Oct 31, 2022
Authored by Qualys Security Advisory

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

tags | exploit, vulnerability
advisories | CVE-2022-41973, CVE-2022-41974
SHA-256 | 9fd49ad2d42596cc152f6771bcdd491b37e2986a01a0b0cdb2f997469ee1fdec
Polkit pkexec Local Privilege Escalation
Posted Jan 26, 2022
Authored by Qualys Security Advisory | Site qualys.com

Qualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.

tags | advisory, local, root
systems | linux
advisories | CVE-2021-4034
SHA-256 | 23ec1cb3b1b5fe5409bb892ba3ae31bb746e06cafdf7afafd72fd7d4b136ebba
Sequoia: A Deep Root In Linux's Filesystem Layer
Posted Jul 21, 2021
Authored by Qualys Security Advisory

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.

tags | exploit, kernel, local, root, proof of concept
systems | linux, debian, fedora, ubuntu
advisories | CVE-2021-33909, CVE-2021-33910
SHA-256 | 0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09a
Sudo Heap-Based Buffer Overflow
Posted Jan 27, 2021
Authored by Qualys Security Advisory

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

tags | exploit, overflow
advisories | CVE-2021-3156
SHA-256 | 49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319f
Qualys Security Advisory - Qmail Remote Code Execution
Posted May 21, 2020
Authored by Alexander Peslyak, Qualys Security Advisory, Stephane Bellenger, Jean-Paul Michel, Julien Barthelemy, Andrew Richards

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.

tags | exploit, vulnerability
advisories | CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
SHA-256 | b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906
Debian Security Advisory 4634-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2020-8794
SHA-256 | 5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
OpenSMTPD Out-Of-Bounds Read
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.

tags | exploit, arbitrary, shell
systems | openbsd
advisories | CVE-2020-8794
SHA-256 | 2c58b82819510289b2fd55d1c6a82b81b279777abd6a6b0db391f990ec12b148
OpenSMTPD Local Information Disclosure
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

tags | exploit, arbitrary, local, root, proof of concept
systems | openbsd
advisories | CVE-2020-8793
SHA-256 | 3617b8854e485e1d063e08764e96429e54c6b7bb0467d127e819133f80c925d5
Debian Security Advisory 4611-1
Posted Jan 30, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

tags | advisory, denial of service, arbitrary, root
systems | linux, debian
advisories | CVE-2020-7247
SHA-256 | b13a8757f4f9e0b2f590ed0cdbe4d23e4718fa37e2ea6ca4ed4d48c3bfa33f2a
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
Posted Jan 29, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.

tags | exploit, arbitrary, shell, root
systems | openbsd
advisories | CVE-2020-7247
SHA-256 | 9415f92980a964e9430ed555502126d19de735d2acfd5db27d83bb342e5a8b2c
Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation
Posted Dec 12, 2019
Authored by Qualys Security Advisory

Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.

tags | exploit, local, root, proof of concept
systems | openbsd
advisories | CVE-2019-19726
SHA-256 | 4e1f695e83c851f4826c356e0fbe52865163d4b41d6d1a6675fca7178914287b
Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
Posted Dec 5, 2019
Site qualys.com

Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.

tags | exploit, local, vulnerability
systems | openbsd
advisories | CVE-2019-19519, CVE-2019-19520, CVE-2019-19521, CVE-2019-19522
SHA-256 | f17dd04f6e2715e22520176b0b9b59af9523bd1f17067f5a5814eb8675c0497d
Debian Security Advisory 4517-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4517-1 - "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2019-15846
SHA-256 | 48c9e7e3415df4075f9fcb477fc3b8cd54fa5aa909f175f1c2839f3653a83d56
Exim 4.9.1 Remote Command Execution
Posted Jun 6, 2019
Authored by Qualys Security Advisory

Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.

tags | advisory, remote
advisories | CVE-2019-10149
SHA-256 | ccf81b809451dabd0ae35b330095955b9998319116314052fc75a06a7dd5e3e8
Linux create_elf_tables() Integer Overflow
Posted Sep 26, 2018
Authored by Qualys Security Advisory

Linux suffers from an integer overflow vulnerability in create_elf_tables(). Multiple exploits provided.

tags | exploit, overflow
systems | linux
advisories | CVE-2018-14634
SHA-256 | 96f76be0c1dab33a40b6145fd293ceab661f631350fcf639a1e4bdb1faedbb92
Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow
Posted Dec 13, 2017
Authored by Qualys Security Advisory

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

tags | exploit, overflow, memory leak
advisories | CVE-2017-1000408, CVE-2017-1000409
SHA-256 | ab2ee457cd217c4af1e191968f48de6c5ef96258d1fcf05193b1e417d462e8ef
Linux Local Privilege Escalation
Posted Sep 28, 2017
Authored by Qualys Security Advisory

A Linux PIE/stack corruption vulnerability exists. Most notably, all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.

tags | advisory
systems | linux, redhat, centos
advisories | CVE-2017-1000253
SHA-256 | e629fc1437f3afd0ad4608b004f8c31a78825d7d031176a742308b19fc02b46d
Sudo get_process_ttyname() Race Condition
Posted Jun 2, 2017
Site qualys.com

Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.

tags | exploit, root
systems | linux
advisories | CVE-2017-1000367
SHA-256 | fedac891bbdaf97f55757b635d5ae075843da48925d762d5149a49ade19918cd
Qualys Security Advisory - OpenSSH Overflow / Leak
Posted Jan 15, 2016
Authored by Qualys Security Advisory

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow (heap-based).

tags | advisory, overflow, vulnerability
advisories | CVE-2016-0777, CVE-2016-0778
SHA-256 | 6d98389560de3c7942fe87c17e680b28f2ad90ec6c5d8f9a0f59e153dff5d23e
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close