exploit the possibilities
Showing 1 - 25 of 3,260 RSS Feed

Root Files

Red Hat Security Advisory 2020-0540-01
Posted Feb 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0540-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | d55f3d0a153ac5e7887d94495d764685
Red Hat Security Advisory 2020-0509-01
Posted Feb 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0509-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | 44d67fb50244e13f157bd402372134d6
Red Hat Security Advisory 2020-0498-01
Posted Feb 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0498-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include cross site scripting and null pointer vulnerabilities.

tags | advisory, root, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-19336
MD5 | be6712bb6e1b0b6fbcc03ea514fe6279
Red Hat Security Advisory 2020-0487-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | 612c85a9d2cb652539696e8f19c95fbc
OpenSMTPD 6.6.1 Local Privilege Escalation
Posted Feb 11, 2020
Authored by Marco Ivaldi

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell meta-characters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

tags | exploit, remote, arbitrary, shell, root
systems | openbsd
advisories | CVE-2020-7247
MD5 | a5d9222315a88dc369bf246ac8d4d034
OpenSMTPD MAIL FROM Remote Code Execution
Posted Feb 7, 2020
Authored by wvu, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute code as the root user.

tags | exploit, root
advisories | CVE-2020-7247
MD5 | 2b9fdae42ead941fa800754cf08e9965
Ubuntu Security Notice USN-4268-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2020-7247
MD5 | 790d961de63720b957664ca4b2256e8b
xglance-bin Local Root Privilege Escalation
Posted Feb 5, 2020
Authored by Tim Brown, Marco Ortisi, Robert Jaroszuk

xglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.

tags | exploit, local, root
systems | linux
advisories | CVE-2014-2630
MD5 | 69705e0421d4672ecab9269c7e454287
Red Hat Security Advisory 2020-0388-01
Posted Feb 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0388-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | c01cf442081dc32b49eae3081561b242
Debian Security Advisory 4614-1
Posted Feb 3, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.

tags | advisory, overflow, root
systems | linux, debian
advisories | CVE-2019-18634
MD5 | b8ce23ae3c877342694fbc6f85c091f9
Debian Security Advisory 4611-1
Posted Jan 30, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

tags | advisory, denial of service, arbitrary, root
systems | linux, debian
advisories | CVE-2020-7247
MD5 | 86b57c455931fcd59ee4f86326e684f4
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
Posted Jan 29, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.

tags | exploit, arbitrary, shell, root
systems | openbsd
advisories | CVE-2020-7247
MD5 | a167abd4844564a180e18a022a305764
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation
Posted Jan 22, 2020
Authored by Brendan Coles, Jann Horn, Mohamed Ghannam, nstarke, wbowling | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2018-5333, CVE-2019-9213
MD5 | e83495fea436d8a384500ace26357f2f
Common Desktop Environment 2.3.1 Buffer Overflow
Posted Jan 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE is based on the original CDE 1.x train, which is different from the CDE 2.x codebase that was later open sourced. Most notably, the vulnerable buffer in the Oracle Solaris CDE is stack-based, while in the open source version it is heap-based.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
MD5 | f61714fa339de224c3899e225d64a420
Solaris xlock Information Disclosure
Posted Jan 17, 2020
Authored by Marco Ivaldi

A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.

tags | exploit, local, root, info disclosure
systems | solaris
advisories | CVE-2020-2656
MD5 | d43954458731660f576f082539a29af3
SunOS 5.10 Generic_147148-26 Local Privilege Escalation
Posted Jan 15, 2020
Authored by Marco Ivaldi

SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
MD5 | 55c1e1683127ba3a3c82c35279e5e6db
Debian Security Advisory 4601-1
Posted Jan 10, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4601-1 - It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.

tags | advisory, local, root
systems | linux, debian
MD5 | 693cc7f45920414191581d78799f2d01
FreeBSD fd Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.

tags | exploit, local, root
systems | freebsd, bsd
advisories | CVE-2019-5596
MD5 | 6426b023a6749568c0e3de1d4ba2531a
FreeBSD mqueuefs Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

tags | exploit, local, root
systems | freebsd, bsd
MD5 | fa32a042469b8505c6692ec2c13703e4
Reptile Rootkit reptile_cmd Privilege Escalation
Posted Dec 23, 2019
Authored by Brendan Coles, f0rb1dd3n | Site metasploit.com

This Metasploit module uses Reptile rootkit's reptile_cmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch (2019-03-04) on Ubuntu 18.04.3 (x64) and Linux Mint 19 (x64).

tags | exploit, root
systems | linux, ubuntu
MD5 | a45009c7d529d2cc46cd3ba0f3c2c122
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Posted Dec 23, 2019
Authored by Dan Rosenberg, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2010-3904
MD5 | ae11a67b34fba9d465c0f0b7d84392d0
macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free
Posted Dec 18, 2019
Authored by Google Security Research, bazad

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges.

tags | exploit, kernel, root
systems | bsd
MD5 | cba1e82afa4ec28fd0073d6cfded8a11
Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation
Posted Dec 12, 2019
Authored by Qualys Security Advisory

Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.

tags | exploit, local, root, proof of concept
systems | openbsd
advisories | CVE-2019-19726
MD5 | 5cd25d74e467c8f83e9ece30c0c6b982
Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.

tags | exploit, remote, root
MD5 | fa5b04b87f4f1fdd3b909cfc78a8b51d
Red Hat Security Advisory 2019-4191-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | b3aa81372e4847ca631a49474175167b
Page 1 of 131
Back12345Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    14 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close