what you don't know can hurt you
Showing 1 - 25 of 3,233 RSS Feed

Root Files

Pulse Secure VPN Arbitrary Command Execution
Posted Nov 12, 2019
Authored by Orange Tsai, wvu, Meh Chang | Site metasploit.com

This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env(1) command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that is able to obtain plaintext and hashed credentials, plus session IDs that may be used with this exploit. A valid administrator session ID is required in lieu of untested SSRF.

tags | exploit, arbitrary, root
advisories | CVE-2019-11539
MD5 | c74c7def1a1eed3c783bc01c33aa4259
Xorg X11 Server Local Privilege Escalation
Posted Nov 12, 2019
Authored by Narendra Shinde | Site metasploit.com

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

tags | exploit, root
systems | openbsd, aix
advisories | CVE-2018-14665
MD5 | 441242f216fc75457eaee333db550449
Prima Access Control 2.3.35 Script Upload Remote Code Execution
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Prima Access Control version 2.3.35 authenticated python script upload remote root code execution exploit.

tags | exploit, remote, root, code execution, python
advisories | CVE-2019-9189
MD5 | 117f749e7f2c75221ff5de44fb05a88a
FlexAir Access Control 2.3.38 Remote Root
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

FlexAir Access Control version 2.3.38 authenticated remote root exploit that leverages command injection via a SetNTPServer request.

tags | exploit, remote, root
advisories | CVE-2019-7670
MD5 | cf54608f4937667e47f6bc6cb218dd77
FlexAir Access Control 2.3.38 Command Injection
Posted Nov 12, 2019
Authored by Sipke Mellema | Site applied-risk.com

FlexAir Access Control versions 2.3.38 and below remote root command injection exploit.

tags | exploit, remote, root
advisories | CVE-2019-7669
MD5 | bda839dcfe5896e2d89cbe0e3d1f28f1
Optergy 2.3.0a Remote Root
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.

tags | exploit, remote, root, code execution, file upload
advisories | CVE-2019-7274
MD5 | f65d6a3bb4f0613c29b924c18b98dc3d
Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Nortek Linear eMerge E3 Access Controller versions 1.00-06 and below SSH/FTP remote root exploit.

tags | exploit, remote, root
advisories | CVE-2019-7261, CVE-2019-7265
MD5 | 5dbb8f18038e0e3939eb86697d0a7207
Optergy BMS 2.0.3a Remote Root
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Optergy BMS versions 2.0.3a and below unauthenticated remote root exploit. Related CVE number: CVE-2019-7276.

tags | exploit, remote, root
MD5 | 828db05389246ed7db50064512079555
Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan_decoder.php.

tags | exploit, remote, root, php
advisories | CVE-2019-7256
MD5 | 44a9793e2a7284d735e5ee358d786e4b
Linear eMerge E3 1.00-06 card_scan.php Command Injection
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below unauthenticated command injection remote root exploit that leverages card_scan.php.

tags | exploit, remote, root, php
advisories | CVE-2019-7256
MD5 | 6bc7028052702f5b76c1733414371eb8
Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

tags | exploit, remote, arbitrary, root, code execution, file upload
advisories | CVE-2019-7257
MD5 | 7cb54d49b3539c9a3b2258832481a863
Red Hat Security Advisory 2019-3755-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3755-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 319b3da38661d4f2123191192a6df573
Red Hat Security Advisory 2019-3754-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3754-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 46835b80662d2b715b83c9c0ea271830
Red Hat Security Advisory 2019-3694-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3694-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | bd7e4be6350837b85ec0c14b544253f7
Ubuntu Security Notice USN-4171-4
Posted Nov 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-4 - USN-4171-2 fixed a vulnerability in Apport. The update caused a regression in the Python Apport library. This update fixes the problem for Ubuntu 14.04 ESM. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Various other issues were also addressed.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | 1f07f6de70fdeb3fd7690f336bc3cfb3
Ubuntu Security Notice USN-4171-3
Posted Nov 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-3 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Various other issues were also addressed.

tags | advisory, local, root, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | e549544faf81ebbea551c9f8be0a7a87
Ubuntu Security Notice USN-4171-2
Posted Nov 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-2 - USN-4171-1 fixed several vulnerabilities in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Various other issues were also addressed.

tags | advisory, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | 9001ec2123f134738345960ba8a47141
Micro Focus (HPE) Data Protector SUID Privilege Escalation
Posted Nov 1, 2019
Authored by s7u55 | Site metasploit.com

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus (HPE) Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a custom binary with root privileges.

tags | exploit, root
advisories | CVE-2019-11660
MD5 | 176176eb167f93f37396bef2dc4cc6a0
Red Hat Security Advisory 2019-3278-01
Posted Oct 31, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3278-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 48dfb6453f3477d2a9b70fa56cba7fe4
Ubuntu Security Notice USN-4171-1
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-1 - Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | 4435b79c84276bd5e52920e950cd2986
Red Hat Security Advisory 2019-3225-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3225-01 - Java Security Services provides an interface between Java Virtual Machine and Network Security Services. It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. The OCSP policy Leaf and Chain implicitly trusts the root certificate.

tags | advisory, java, root, protocol
systems | linux, redhat
advisories | CVE-2019-14823
MD5 | 041a48e4265ed01347d8984710428491
Red Hat Security Advisory 2019-3219-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 7f68ee711bca7c2c5e2efd6a5655cebc
Red Hat Security Advisory 2019-3209-01
Posted Oct 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3209-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | ebf26ca1d7d153319f0462b216f5e312
Red Hat Security Advisory 2019-3205-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3205-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 7dbf3a069d1178a5fe9c748d6a5bc455
Red Hat Security Advisory 2019-3204-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3204-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 51d166ccec3a43da307e53c089688d74
Page 1 of 130
Back12345Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close