exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Steam 2.10.91.91 Weak File Permissions Privilege Escalation
Posted Nov 23, 2015
Authored by Andrew J. Smith

A privilege escalation vulnerability has been identified in that the Steam Microsoft Windows client software is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe which is launched upon user login. Version 2.10.91.91 is confirmed vulnerable.

tags | advisory
systems | windows
advisories | CVE-2015-7985
SHA-256 | 66f1b7811fa2e915d358da3af9007cb2b0c58c1031bb2b909b5fc2f1e8067197

Related Files

Debian Security Advisory 2990-1
Posted Jul 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, unix, debian
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
SHA-256 | cc938fc7d54d51a015c06e68ed74d219f09c0baf6016e28dce18fb4e2629a93b
Ubuntu Security Notice USN-2293-1
Posted Jul 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3537
SHA-256 | d0afde3f652695a582f8f83010eff7e3e04b687512bd57083978cd1bcf5e8994
DCMTK Privilege Escalation
Posted Jun 2, 2014
Authored by Hector Marco

DCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2013-6825
SHA-256 | e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238d
VMware Security Advisory 2014-0005
Posted May 31, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.2.

tags | advisory
systems | windows
advisories | CVE-2014-3793
SHA-256 | e972c0cc520f6f97e817bb5a4e0c24d662b8d2bc490df7d7c6495823d655fb56
HP Release Control 9.20.0000 Build 395 XXE
Posted May 19, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. Can't login with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.

tags | exploit, web, arbitrary, vulnerability, xxe
SHA-256 | 32678ccb2a4454a4f3176a572bfd08436712de26dce1cdfb8b2986d281d3c14e
F5 BIG-IQ 4.1.0.2013.0 Password Change
Posted May 3, 2014
Authored by Brandon Perry

F5 BIG-IQ version 4.1.0.2013.0 is vulnerable to a privilege escalation attack which allows an attacker to change the root users password. This Metasploit module does just this, then SSH's in.

tags | exploit, root
SHA-256 | e88c2fdbf6780b151994d9da095dd2c28aa8321d1b27ae806082f64775e233a7
Apache Cordova 2.9.0 Privilege Escalation
Posted Mar 4, 2014
Authored by Neil Bergman

Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.

tags | advisory
systems | ios
advisories | CVE-2014-0073
SHA-256 | 46f9762d77c27f4579740acc749cf9bbfa02d036bfb37b414990a0d228c44bb4
MICROSENS PLMISWM 10.3.1 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.

tags | exploit, web
SHA-256 | a0ae9096d79c1c275cffec3bdc2deea7b44431121dc864efe994e588286bebca
WordPress Buddypress 1.9.1 Privilege Escalation
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-1889
SHA-256 | fa0ee4897fffef374ba31d9600f656b4b67d282b9dee8e74e5f06db89ccd0ac0
eBay GoStoreGo Authentication Bypass
Posted Feb 12, 2014
Authored by Mark Litchfield | Site securatary.com

A privilege escalation vulnerability was discovered in gostorego.com that allowed a remote, unauthenticated attacker the ability to create an administrative user.

tags | advisory, remote, bypass
SHA-256 | fd4a8bf76717b3109d12eccb9649183d623437e3a934794546f17e7fd08872d2
Android Browser / WebView addJavascriptInterface Code Execution
Posted Feb 7, 2014
Authored by jduck, joev | Site metasploit.com

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell. Note: Adding a .js to the URL will return plain javascript (no HTML markup).

tags | exploit, web, arbitrary, shell, javascript
SHA-256 | dbb32d05e01054ebc7b29568cea429ebb06111292c8c20ba817f8d844646e5ff
Asterisk Project Security Advisory - AST-2013-007
Posted Dec 17, 2013
Authored by David Lee | Site asterisk.org

Asterisk Project Security Advisory - External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dial-plan functions. Dial-plan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain dial-plan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.

tags | advisory, arbitrary, shell, protocol
SHA-256 | d023c90a325ba8f94bb3cf31d665ef950f78277c35b78413f1a2879e54fbf60b
VMware Security Advisory 2013-0014
Posted Dec 5, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.

tags | advisory
systems | windows
advisories | CVE-2013-3519
SHA-256 | 8f9cff72a0ccf5698417351f83db26499274ced107b280c2dbb84eec5ebddcb1
Mandriva Linux Security Advisory 2013-244
Posted Sep 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-244 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. The updated packages have been patched to correct this issue.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2013-4362
SHA-256 | af7482beeb30b5336944896057c8df7f6c9b5cb4480241b35162b432c91c28d1
Debian Security Advisory 2765-1
Posted Sep 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2765-1 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2013-4362
SHA-256 | 3903ec4ccc79432967878e89f87d6fdeefddcd86cea4d6f09148d0d4af7e6b8b
Debian Security Advisory 2743-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.

tags | advisory, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-3077, CVE-2013-4851, CVE-2013-5209
SHA-256 | 569d8b0cda13d3a73e841bf15e6cefd040a645974771d3bc8fc7fc5adeea0929
VMware Security Advisory 2013-0010
Posted Aug 23, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.

tags | advisory
systems | linux
advisories | CVE-2013-1662
SHA-256 | 75310092496198f08a5f8a13a612852a0938bbfbb7b8f5a1b4e025180516c7f1
Novell Client 2 SP3 Privilege Escalation
Posted Jul 29, 2013
Authored by sickness

Novell Client 2 SP3 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | OSVDB-93718
SHA-256 | 90372d883442b6991b9af375b8d05bbaa5c31c066b8a21018779b94badc3881d
Et-Chat 3.07 Privilege Escalation / Shell Upload
Posted Jun 18, 2013
Authored by Mr.XpR

Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.

tags | exploit, shell
SHA-256 | 0e5c91de166e96816038a7f98567514c202036f0f1912a66b14cb371c8775dc2
Debian Security Advisory 2694-1
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2694-1 - A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.

tags | advisory
systems | linux, debian
SHA-256 | fc4a611833f0a5eb9fe705374c4e9db33905e8cf726ffbe494a50eadf1b5b633
Avira Personal Privilege Escalation
Posted May 12, 2013
Authored by Akastep

Avira Personal appears to suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
Ubuntu Security Notice USN-1815-1
Posted May 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1815-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. Andy Lutomirski discovered a privilege escalation in the Linux kernel's user namespaces. A local user could exploit the flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-1979, CVE-2013-1959, CVE-2013-1959, CVE-2013-1979
SHA-256 | d7e3f35ae144f5755ed1c27567bd8f421a30bbc3f32a069ad759830fde991224
SAP Production Planning / Control Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions.

tags | advisory
advisories | CVE-2013-3062
SHA-256 | eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7da
Mandriva Linux Security Advisory 2013-071
Posted Apr 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-071 - A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender, when the NameOwnerChanged signal was received. A local attacker could use this flaw to escalate their privileges.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-0292
SHA-256 | 38a7f795c9dbf85c8c9f40f7bee0e1c36b4f7c15067e9d63187d3ea2d1ae392a
Symantec Enterprise Security Management 10.x Privilege Escalation
Posted Feb 5, 2013
Site nccgroup.com

Symantec Enterprise Security Management versions 10.x and below suffer from a privilege escalation vulnerability.

tags | advisory
SHA-256 | c443df4d121433a3485da2ff9539b52207d42460b04ff347a8310a636a91ccbc
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close