exploit the possibilities
Showing 1 - 25 of 3,373 RSS Feed

Root Files

Micro Focus Operations Bridge Manager Remote Code Execution
Posted Feb 10, 2021
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required as the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones.

tags | exploit, java, remote, root, code execution
systems | linux, windows
advisories | CVE-2020-11853
MD5 | f6552551b0f335ef518698e89a9caa30
Mandos Encrypted File System Unattended Reboot Utility 1.8.14
Posted Feb 3, 2021
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Created /dev/fd symlink if necessary in plugin-runner and mandos-client.
tags | tool, remote, root
systems | linux, unix
MD5 | c8120978ea9929e12fc3a174e9657162
Red Hat Security Advisory 2021-0223-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | 3340cd05b0a77290105fc2a1999fb567
Red Hat Security Advisory 2021-0222-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | c4fdf4ded2a625e72c2ae5b8d1bb868e
Red Hat Security Advisory 2021-0221-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0221-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | 9585b2878a5e45f916f39e6842d7d207
Red Hat Security Advisory 2021-0224-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0224-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | fca10731645632b7651350b8a317f2cc
Red Hat Security Advisory 2021-0227-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0227-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | 4e07a9f7d2c9475cf4aa003e550f6901
Red Hat Security Advisory 2021-0219-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | a209d1d7c6f73b8cd37c4b138f783ed1
Red Hat Security Advisory 2021-0225-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0225-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | f6d5ea73692d355ec13895782578efb6
Red Hat Security Advisory 2021-0218-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0218-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | 0e0d531555b1a03b20524c0ea3dd41c1
Red Hat Security Advisory 2021-0220-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0220-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | cb8e73eaca61767190bff116e9b4f634
Red Hat Security Advisory 2021-0226-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0226-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
MD5 | 3d149efc7166eae17fd437dc5784bbeb
Gentoo Linux Security Advisory 202101-27
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-27 - Multiple vulnerabilities were discovered in Gentoo's systemd unit for FreeRADIUS which could lead to root privilege escalation. Versions less than 3.0.20-r1 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
MD5 | 7e2962d787843d00fee0a532e98438f5
Gentoo Linux Security Advisory 202101-22
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-22 - A vulnerability in libvirt may allow root privilege escalation. Versions less than 6.7.0 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2020-14339
MD5 | b86d822c8605924db1e353e80d4a4fa1
Gentoo Linux Security Advisory 202101-11
Posted Jan 22, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-11 - Multiple vulnerabilities were discovered in Gentoo's ebuild for Zabbix which could lead to root privilege escalation. Versions less than 4.4.6 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
MD5 | a5fbfc63fe9f36d35bd12a7f23c71a35
Inteno IOPSYS 3.16.4 Root Filesystem Access
Posted Jan 18, 2021
Authored by Henrik Pedersen

Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem.

tags | exploit, root, bypass
MD5 | 4dd764fc81b64e4c4edde1c782c708ff
Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User
Posted Jan 15, 2021
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.

tags | exploit, root, bypass
MD5 | 48e1d8f9d10632c1de0461c5d272f23d
SpamTitan 7.07 Command Injection
Posted Jan 5, 2021
Authored by Christophe de la Fuente, Felipe Molina | Site metasploit.com

This Metasploit module exploits an improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and get remote code execution as root. Note that only version 7.03 needs authentication and no authentication is required for versions 7.01, 7.02 and 7.07.

tags | exploit, remote, root, code execution
advisories | CVE-2020-11698
MD5 | 3fb380f22740f3fda8c78a8b5b723600
Zoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root
Posted Dec 31, 2020
Authored by Jeremy Brown

Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.

tags | exploit, remote, root, code execution
MD5 | 502538df7bfbda265c17c493f89179b7
Webmin 1.962 Remote Command Execution
Posted Dec 22, 2020
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.

tags | exploit, arbitrary, root
advisories | CVE-2020-35606
MD5 | 1767f5a7206b64ec8a9e4250627f1ee3
Pulse Secure VPN Remote Code Execution
Posted Dec 18, 2020
Authored by h00die, Spencer McIntyre, Richard Warren, David Cash | Site metasploit.com

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2020-8260
MD5 | 59e340f2d15da503b7cef81774ba584f
Solaris SunSSH 11.0 x86 libpam Remote Root
Posted Dec 15, 2020
Authored by Hacker Fantastic

Solaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.

tags | exploit, remote, x86, root
systems | solaris
advisories | CVE-2020-14871
MD5 | 8fbea7fde1a23252954cc85134e98724
Macally WIFISD2-2A82 2.000.010 Privilege Escalation
Posted Dec 14, 2020
Authored by Maximilian Barz, Daniel Schwendner

Macally WIFISD2-2A82 version 2.000.010 guest to root privilege escalation exploit.

tags | exploit, root
advisories | CVE-2020-29669
MD5 | 973230f1407ec95befb0262f806bbaef
Mandos Encrypted File System Unattended Reboot Utility 1.8.13
Posted Dec 1, 2020
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 0c7546acc41ef41a8e39453fd58f4cc9
Fujitsu Eternus Storage DX200 S4 Broken Authentication
Posted Nov 26, 2020
Authored by Seccops

Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.

tags | exploit, root
advisories | CVE-2020-29127
MD5 | 5ae6b1f300710953b64144f45eb1ec87
Page 1 of 135
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    9 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close