exploit the possibilities
Showing 1 - 25 of 61 RSS Feed

Files

burneye-1.0-linux-static.tar.gz
Posted Sep 19, 2002
Authored by teso | Site teso.scene.at

Burneye ELF encryption program, x86-linux binary, version 1.0 - new year release!

tags | x86
systems | linux
MD5 | 13bd499f3695bb087c7742a82471c565

Related Files

TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection
Posted May 1, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

tags | exploit, root
advisories | CVE-2020-12111
MD5 | 9ca6bd89ed55046f95b5938be59cca18
Ubuntu Security Notice USN-4326-1
Posted Apr 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4326-1 - It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12641, CVE-2018-17794, CVE-2018-18700, CVE-2019-9070
MD5 | 978fce28337509a053a77fdecb325bed
VMware Fusion USB Arbitrator Setuid Privilege Escalation
Posted Apr 3, 2020
Authored by h00die, Grimm, Rich Mirch, Dhanesh Kizhakkinan, jeffball | Site metasploit.com

This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, and creating a hard link to the Open VMware USB Arbitrator Service binary, we are able to launch it temporarily to start our payload with an effective UID of 0.

tags | exploit
advisories | CVE-2020-3950
MD5 | d08444e1220f418c3e6c94a4bcbeee5b
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
Posted Apr 26, 2019
Authored by Cisco Talos, Jared Rittle, Carl Hurd | Site talosintelligence.com

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

tags | exploit, web, cgi, info disclosure
advisories | CVE-2018-4070, CVE-2018-4071
MD5 | 8ba2b4250c4d3b8dec008f0a0b5494f7
Ubuntu Security Notice USN-3368-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3368-1 - It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | a499ba39c7aaf4f7e4c5320fc92b569a
Ubuntu Security Notice USN-3367-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3367-1 - Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | 47b1d523dac4f2073a7f6fe03eaf06e7
Ubuntu Security Notice USN-3337-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | ea08dfb16ff10f314da98e02ad262c8a
Mercurial Custom hg-ssh Wrapper Remote Code Execution
Posted Apr 26, 2017
Authored by claudijd | Site metasploit.com

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

tags | exploit, arbitrary, code execution, python
MD5 | 84d44fdb3c43165b047bb08d12580e29
Cisco Firepower Management Console 6.0 Post Authentication UserAdd
Posted Jan 12, 2017
Authored by Matt, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-6433
MD5 | 846d8ff8181fafdfacf01ebb0af1bdb5
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
MD5 | 97b7fba08bd2896683e6299d64a0465b
Debian Security Advisory 3031-1
Posted Sep 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3031-1 - The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.

tags | advisory, web, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-6273
MD5 | d5278a35c25aecbd2b616535d0fd0a54
ZPanel zsudo Local Privilege Escalation
Posted Jun 26, 2013
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the zsudo binary, installed with zpanel, to escalate privileges. In order to work, a session with access to zsudo on the sudoers configuration is needed. This Metasploit module is useful for post exploitation of ZPanel vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute zsudo on the sudoers file.

tags | exploit, web, vulnerability
MD5 | e5086c26dae2c1ed0fdc45d121c299f9
Red Hat Security Advisory 2012-0376-01
Posted Mar 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0376-01 - SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory. Additionally, a privileged user could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2012-0875
MD5 | a872e62294bbcafa69b0886a70c85bee
McAfee SaaS MyCioScan ShowReport Remote Command Execution
Posted Jan 18, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.

tags | exploit, remote, arbitrary, local, activex
systems | windows
advisories | OSVDB-78310
MD5 | 6d817e5714e3a0c4f6a944fe9d125063
Red Hat Security Advisory 2011-1526-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1526-03 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.

tags | advisory, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2009-5064, CVE-2011-1089
MD5 | ea38bf6d87800e71cb6dd203fb233c5f
Red Hat Security Advisory 2011-0842-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0842-01 - SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user could trigger these flaws when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-1769, CVE-2011-1781
MD5 | 8f8c5e551b4fe688e4b5b9bdaf43236a
Red Hat Security Advisory 2011-0841-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0841-01 - SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. Additionally, a privileged user could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-1769
MD5 | 33888b492a6f735f1ffb904fd69f4694
Mandriva Linux Security Advisory 2008-027
Posted Jan 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.

tags | advisory, local, root
systems | linux, mandriva
advisories | CVE-2008-0008
MD5 | 8909b5c5d3679c095cddeb45e29c6a08
iDEFENSE Security Advisory 2007-11-14.4
Posted Nov 15, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.

tags | advisory, arbitrary, kernel, local, root, code execution
systems | apple, osx
advisories | CVE-2007-3749
MD5 | db69f1be2a8ab12fae9c857505ecbf9d
iDEFENSE Security Advisory 2007-11-02.1
Posted Nov 6, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 11.02.07 - Local exploitation of a format string vulnerability in the srsexec binary, optionally included in Sun Microsystems Inc.'s Solaris 10, allows attackers to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.

tags | advisory, arbitrary, local, root
systems | solaris
advisories | CVE-2007-3880
MD5 | a0eb88220442081d4c3544fe4dd117f2
iDEFENSE Security Advisory 2007-07-16.1
Posted Jul 17, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User. The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur. iDefense has confirmed this vulnerability in OfficeScan 7.3 with all current patches applied. Testing has shown that this attack can be conducted by requesting multiple CGI binaries that make use of the shared library. Other versions are suspected to be vulnerable.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | windows
advisories | CVE-2007-3454
MD5 | 690a05b37c2cbeba9b270c6c3cc72693
MOAB-28-01-2007.rb.txt
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.

tags | exploit, arbitrary, root, ruby
systems | apple
advisories | CVE-2007-0467
MD5 | d2a1cdd08b0f39cc9d815a3572650b30
MOAB-22-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, root, proof of concept
systems | apple
advisories | CVE-2007-0023
MD5 | 0822f8f385381a6dada4f24b194e032f
Mandriva Linux Security Advisory 2005.239
Posted Dec 31, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - newbug discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.

tags | advisory, overflow, local, root
systems | linux, mandriva
MD5 | 845ab970fdf12a8ef90288b402653923
iDEFENSE Security Advisory 2005-10-24.3
Posted Oct 26, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in the ppp binary, as included in multiple versions of The SCO Group Inc.'s Unixware, allows attackers to gain root privileges.

tags | advisory, overflow, local, root
systems | unixware
MD5 | 640c9c15d3ceddc23f8d2563508b9f97
Page 1 of 3
Back123Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    17 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close