Exploit the possiblities
Showing 1 - 25 of 3,002 RSS Feed

Root Files

Ubuntu Security Notice USN-3480-1
Posted Nov 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3480-1 - Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2017-14177, CVE-2017-14180
MD5 | ec83aff8d4c1ba0449ff6a2c615026b1
Gentoo Linux Security Advisory 201711-11
Posted Nov 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-11 - A vulnerability was discovered in VDE which may allow local users to gain root privileges. Versions less than 2.3.2-r4 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-16638
MD5 | a90c470fafed0730b44df4b87f46647a
Gentoo Linux Security Advisory 201711-04
Posted Nov 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-4 - A vulnerability was discovered in MariaDB and MySQL which may allow local users to gain root privileges. Versions less than 10.0.30-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-15945
MD5 | 4a169acdc13170a061ca8fa622a3276a
Splunk 6.6.x Local Privilege Escalation
Posted Nov 3, 2017
Authored by Hank Leininger | Site korelogic.com

Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges.

tags | exploit, local, root
MD5 | 3e674b7b7b2bbcdc76d6019cc12711aa
Sera 1.2 Local Root / Password Disclosure
Posted Nov 2, 2017
Authored by Mark Wadham

Sera version 1.2 suffers from a password disclosure that can allow for root privilege escalation.

tags | exploit, root
advisories | CVE-2017-15918
MD5 | 4625b7cb42f5e2f2c434c541fa4f6c89
ZyXEL PK5001Z Modem Backdoor Account
Posted Nov 2, 2017
Authored by Matthew Sheimo

The ZyXEL PK5001Z modem has a hardcoded backdoor admin account that allows escalation to root.

tags | exploit, root
advisories | CVE-2016-10401
MD5 | bca3b4449d9fcb8fb0e87e0643eda104
Ubuntu Security Notice USN-3462-1
Posted Oct 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3462-1 - Jan PokornA1/2 and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2016-7035, CVE-2016-7797
MD5 | a5d252d4d1b9c6e38ac137a0ec0f33a1
Unitrends UEB 9 HTTP API/Storage Remote Root
Posted Oct 21, 2017
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

tags | exploit, remote, web, arbitrary, root
advisories | CVE-2017-12478
MD5 | a515b24571a355cc139de851e5a2e690
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution
Posted Oct 21, 2017
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

tags | exploit, remote, arbitrary, root, protocol
advisories | CVE-2017-12477
MD5 | 6b1ce2c3fcd74a7db43ca487c3706403
Polycom Command Shell Authorization Bypass
Posted Oct 21, 2017
Authored by Paul Haas, h00die | Site metasploit.com

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.

tags | exploit, remote, arbitrary, shell, root
MD5 | 19e483d20fd0e5d1252e6caf45e27fba
TP-Link WR940N Remote Code Execution
Posted Oct 21, 2017
Authored by Tim Carrington | Site fidusinfosec.com

Numerous remote code execution paths were discovered in TP-Link's WR940N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges.

tags | exploit, remote, shell, root, code execution
advisories | CVE-2017-13772
MD5 | 6bceaa1fe350d1c27550d6f8f857b131
Gentoo Linux Security Advisory 201710-07
Posted Oct 9, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-7 - A vulnerability in OCaml may allow local users to gain root privileges. Versions less than 4.04.2 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-9772
MD5 | a0e83fc410871cd1c010cf42010f036b
Gentoo Linux Security Advisory 201710-04
Posted Oct 9, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-4 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p2 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000368
MD5 | 2b7b8500159e9ea8e521e652162fe8ae
Rancher Server Docker Exploit
Posted Oct 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.

tags | exploit, root
MD5 | 95f554ad4f1eaade4893a650144af8f0
UCOPIA Wireless Appliance 5.1 Code Execution
Posted Oct 5, 2017
Authored by agix

UCOPIA Wireless Appliance versions 5.1 and below suffer from a captive portal remote root code execution vulnerability.

tags | exploit, remote, root, code execution
MD5 | 030235cff7891b7fb5266503f44d6d01
Solarwinds LEM Insecure Update Process
Posted Sep 26, 2017
Authored by Hank Leininger

Software updates for Solarwinds products are packaged and delivered insecurely, leading to root compromise of Solarwinds devices.

tags | advisory, root
MD5 | 80fc94af19356ab49a171c02ae5a06b3
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

tags | exploit, remote, arbitrary, root, php, vulnerability
MD5 | 5ddf109d3a422df75105565034f680b0
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.

tags | exploit, arbitrary, shell, root
MD5 | 636a089048b47449c889902485301766
Supervisor XML-RPC Authenticated Remote Code Execution
Posted Sep 25, 2017
Authored by Calum Hutton | Site metasploit.com

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.

tags | exploit, web, arbitrary, shell, root
advisories | CVE-2017-11610
MD5 | 72e2b4eea477f27f5a652ee4327d9755
Gentoo Linux Security Advisory 201709-20
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-20 - A vulnerability in Postfix may allow local users to gain root privileges. Versions less than 3.1.6 are affected.

tags | advisory, local, root
systems | linux, gentoo
MD5 | 52755bd8a08016b2a85cec49eaaf5015
Gentoo Linux Security Advisory 201709-19
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-19 - A vulnerability in Exim may allow local users to gain root privileges. Versions less than 4.89-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000369
MD5 | c4cda9020eacdc18314d460e10c57921
DlxSpot Hardcoded Password
Posted Sep 19, 2017
Authored by Simon Brannstrom

DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.

tags | exploit, root
advisories | CVE-2017-12928, CVE-2017-12929, CVE-2017-12930
MD5 | a8c160f05eb5b14922777c74c7455bf9
Gentoo Linux Security Advisory 201709-11
Posted Sep 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-11 - Gentoo's GIMPS ebuilds are vulnerable to privilege escalation due to improper permissions. A local attacker could use it to gain root privileges. Versions less than 28.10-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-14484
MD5 | c88f541b6a168b9f0e88964c59cf0ef8
Ubuntu Security Notice USN-3346-2
Posted Sep 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-2 - USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key. Various other issues were also addressed.

tags | advisory, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 6f82feb480bd6612b9d8ced44919b34e
Gentoo Linux Security Advisory 201709-05
Posted Sep 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-5 - A vulnerability in chkrootkit may allow local users to gain root privileges. Versions less than 0.50 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2014-0476
MD5 | 8e8deded30eaedbb8641385e2485f018
Page 1 of 121
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close