what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

Files

Cisco AnyConnect Privilege Escalation
Posted Sep 30, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.

tags | exploit, arbitrary, local, tcp
systems | cisco, windows
advisories | CVE-2020-3153, CVE-2020-3433
MD5 | 6dab51a6758b6569e7dba4af74f482ed

Related Files

Cisco AnyConnect Path Traversal / Privilege Escalation
Posted Jun 25, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).

tags | exploit, arbitrary, x86, local, tcp, code execution
systems | cisco, windows, 7
advisories | CVE-2020-3153
MD5 | 0ce466f922be78b19e5b1169c13ef711
HP Security Bulletin HPSBMU03023
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03023 - A potential security vulnerability has been identified in HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
MD5 | d7bb9f8a879ea43726b0ac8ad88bed2c
AnyConnect 1.2.3.0 Directory Traversal
Posted Oct 14, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

AnyConnect version 1.2.3.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 7bf12a5b83eb4082c34fa7864861170d
moodleinstall-xss.txt
Posted Jan 12, 2008
Authored by Hanno Boeck | Site hboeck.de

Moodle versions below 1.8.4 suffer from a cross site scripting vulnerability in the installer code.

tags | exploit, xss
advisories | CVE-2008-0123
MD5 | 07101c5967bd57438fd39a130ed5c2eb
VapidSAP.txt
Posted Apr 24, 2003
Authored by Larry W. Cashdollar | Site vapid.dhs.org

SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.

tags | exploit, local, root
MD5 | 707baa4e52349edd821816a0181694fe
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close