Showing 26 - 50 of 3,617

Root Files

Gentoo Linux Security Advisory 202309-06
Posted Sep 18, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.

tags | advisory, remote, root, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2007-4559, CVE-2016-2124, CVE-2020-17049, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-20251, CVE-2021-20316, CVE-2021-23192, CVE-2021-3670, CVE-2021-3738, CVE-2021-44141
SHA-256 | 6a49581d3fdfb4a2202121f6c5b6544b859edc2a8b279089f9dbccf4ce66b153
Ivanti Sentry Authentication Bypass / Remote Code Execution
Posted Sep 13, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass in Ivanti Sentry that exposes API functionality allowing code execution in the context of the root user.

tags | exploit, root, code execution
advisories | CVE-2023-38035
SHA-256 | ea4bf146aae20e6532518f5f14a0339f6c32348de42b3b15936e869ed48d8e04
VMware vRealize Log Insight Unauthenticated Remote Code Execution
Posted Sep 11, 2023
Authored by Ege Balci, Horizon3.ai Attack Team | Site metasploit.com

VMware vRealize Log Insight versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution by triggering a RemotePakDownloadCommand through the exposed Thrift service after obtaining the node token with a GetConfigRequest Thrift command. After the download, it triggers a PakUpgradeCommand to process the specially crafted PAK archive, which upon extraction places the JSP payload under a pre-authenticated API endpoint location to gain remote code execution. Successfully tested against version 8.0.2.

tags | exploit, remote, arbitrary, root, vulnerability, code execution, info disclosure
advisories | CVE-2022-31704, CVE-2022-31706, CVE-2022-31711
SHA-256 | 2e4132d3093987ff065179429e52ff5e9baad8185fde7f58136c18d0aa950a90
OpenTSDB 2.4.1 Unauthenticated Command Injection
Posted Sep 8, 2023
Authored by Erik Wynter, Gal Goldstein, Daniel Abeles | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.

tags | exploit, remote, root, code execution
advisories | CVE-2023-25826, CVE-2023-36812
SHA-256 | 34f1ed88046d0a1cb1d6424711b6f621117f401a0d42ebfc307dc277ada181d2
Kingo ROOT 1.5.8 Unquoted Service Path
Posted Sep 5, 2023
Authored by Anish Feroz

Kingo ROOT version 1.5.8 suffers from an unquoted service path vulnerability.

tags | exploit, root
SHA-256 | 15d004eafd004ef186559710d16b83e93f1983a89a80746dae43f1c8491e7c72
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
Posted Aug 18, 2023
Authored by Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root.

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2023-22809
SHA-256 | 9caf2d86fd42cb7a6098a98695d2f0c8ac71c65afef31f1c6345f008453f417a
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
Posted Aug 18, 2023
Authored by Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password.

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2023-20224
SHA-256 | f0f074bfbbdfcf50b89b456bedfa1d6e2dad916eb9c805528576e82777cae103
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
Posted Aug 18, 2023
Authored by Hank Leininger, Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password.

tags | exploit, root
systems | cisco
advisories | CVE-2023-20217
SHA-256 | 9a639b868d2a607d6808f5cc9c66c20f4c697461ce4034c2ce7534df93c6ec6e
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit, root
advisories | CVE-2023-22957
SHA-256 | 29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70f
Ubuntu Security Notice USN-6292-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2022-3650
SHA-256 | 75967740ce1a9069be3b5ffdad890e66bf3af3e56b32fbff26a28baf8de418c4
eLitius 1.0 Backup Disclosure
Posted Aug 15, 2023
Authored by indoushka

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896
systemd 246 Local Root Privilege Escalation
Posted Aug 11, 2023
Authored by Iyaad Luqman K

systemd version 246 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2023-26604
SHA-256 | 5c18cab732f4f9e274da14d6344836a1cdf72bc01779fa89312ba4b4814d364b
e2 Distr CMS 2.8.5.3 Backup Disclosure
Posted Aug 10, 2023
Authored by indoushka

e2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 5433c74f920760e59a3889a4eb94f7621298cabe8eddf15f30585be24f026e98
Citrix ADC (NetScaler) Remote Code Execution
Posted Aug 4, 2023
Authored by Ron Bowes, Spencer McIntyre, Douglass McKee | Site metasploit.com

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.

tags | exploit, remote, web, overflow, root, code execution
advisories | CVE-2023-3519
SHA-256 | 94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a command injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
VMWare Aria Operations For Networks Remote Command Execution
Posted Jul 26, 2023
Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMware 6.x versions are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads, gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-20887
SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
WordPress Duplicator 3.8.7 Backup Disclosure
Posted Jul 25, 2023
Authored by indoushka

WordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 8f7867098777bfb7d7988fcc7cf6d15c45a7a00aa260411393d341e6ecc3e473
pfSense Restore RRD Data Command Injection
Posted Jul 13, 2023
Authored by Emir Polat | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

tags | exploit, arbitrary, root
advisories | CVE-2023-27253
SHA-256 | aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1
WordPress Duplicator 3.8.8 Backup Disclosure
Posted Jul 3, 2023
Authored by indoushka

WordPress Duplicator plugin version 3.8.8 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | dfcfcb24ad253ea2d39768da7b6e22274d168bdda3f278dad5f23b74f4c9b5dd
WordPress Duplicator 4.0.5 Backup Disclosure
Posted Jun 26, 2023
Authored by indoushka

WordPress Duplicator plugin version 4.0.5 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | ad0fa51ec975187287b8a06f41bafe979783319f010750beeb70fcc957fc356a
WordPress BackUpWordPress 3.8 Backup Disclosure
Posted Jun 22, 2023
Authored by indoushka

WordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 0aa2086e4896317bbe3e7bdbf4459a1d7ed4b988564f1de3d17a4038856e606e
WordPress Google Maps 9.0.17 Backup Disclosure
Posted Jun 19, 2023
Authored by indoushka

WordPress Google Maps plugin version 9.0.17 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 156dd68545b65c54c2373a2cda8dd9dda4f59fcde02261a810d41ad5c595eea7
WordPress File Manager Pro 8.3.1 Backup Disclosure
Posted Jun 19, 2023
Authored by indoushka

WordPress File Manager Pro plugin version 8.3.1 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 4b88684db05c1e6e30e6201dd62cc4950900d94c6892036e226fe347c047f0f2
WordPress Envato 2.0.7 Backup Disclosure
Posted Jun 19, 2023
Authored by indoushka

WordPress Envato plugin version 2.0.7 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | f2094a0011047a7e71da6c767d74d1960b654e75fb3aa4d77b9cf52e5f7ccd7d
WordPress Unyson 2.7.28 Backup Disclosure
Posted Jun 16, 2023
Authored by indoushka

WordPress Unyson plugin version 2.7.28 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | ded4568e592a56e54d8658c4b65d33823bedb435257d32a3cc86b431e0051255