RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
f9322f1de37bb8d2ca55321984365985RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
cf0963666627c1ee9797d65237efc163Citrix CloudBridge suffers from a CAKEPHP pre-authentication remote root cookie command injection vulnerability.
c2ccb69375ec5cc51c43f5d8342cbe14Barracuda Load Balancer Firmware versions 6.0.1.006 (2016-08-19) and below post-authentication remote root exploit.
dd9661cd7ce5c9e5b97ed4caa71a55d1Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.
fa75f3b5ac8d64b6fe452388903fb02dPelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47glsa-2017-07-12.txt - A vulnerability in MAN DB allows local users to gain root privileges. Versions less than 2.7.6.1-r2 are affected.
d2cf885e9f9b4d10d6902996a35ca9d1Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.
f6f41f262997fb113e39f15d6d42c39cThis Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be setup to receive it appropriately.
06c8713656083241fef0e30117e4a409Humax Digital HG100R version 2.0.6 suffers from backup disclosure, root credential disclosure, and cross site scripting vulnerabilities.
d929ed2b472ae8a416c2a4ab898c7996VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.
7a04bf5491d9f34fb55f1d0f811bed79Gentoo Linux Security Advisory 201706-29 - A vulnerability in KAuth and KDELibs allows local users to gain root privileges. Versions less than 5.29.0-r1 are affected.
2e1adf52af34eb87ae2a65436a78b1eaThis Metasploit module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause an command injection vulnerability. But given parameters, such a SSH ip address, port and credentials are validated before executing terminal command. Thus, you need to configure your own SSH service and set the required parameter during module usage. This Metasploit module was tested against Symantec Messaging Gateway 10.6.2-7.
ec43893d466be8d6bcf23e16f2e3a697Red Hat Security Advisory 2017-1574-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
44f2e0da4add069336a1015cbe154411Logpoint versions prior to 5.6.4 suffer from an unauthenticated root remote code execution vulnerability.
14ffb04867769127d6cce81e8bf12416Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. Note that the docker image must be a valid docker image from hub.docker.com. Further more the docker container will only deploy if there are resources available in the DC/OS cluster.
5134d61680c1d915bf6df2f271f0ef72Red Hat Security Advisory 2017-1390-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
55c70f2d912f6723c0088653bd802993EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
6051f5e6ab0341318d0a8979089a82beSudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.
5eda82fe13ce7a497c72ac993b7334e1TerraMaster F2-420 NAS TOS version 3.0.30 suffers from an unauthenticated remote root code execution vulnerability.
2719a3913cd96f69928a95ca4f994342Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
6dbf0fc27ca09e1dd7ae21daf0265614Red Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
fe603b76cbd6e5dbdaf3b6098d19c8d5Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.
11c5b86698e660269acf2d0a6591dfa5Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.
50dbb311c107f01cd173cbf1c479dcf4Gentoo Linux Security Advisory 201705-14 - A vulnerability in Smb4K could allow local attackers to execute commands as root. Versions less than 1.2.3-r1=E2=80=88 are affected.
271f9362f26bb0695e80069785725821
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed