WordPress Unyson plugin version 2.7.28 appears to leave backups in a world-accessible directory under the document root.
ded4568e592a56e54d8658c4b65d33823bedb435257d32a3cc86b431e0051255
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities: CVE-2022-24990, "Leaking sensitive information", and CVE-2022-24989, "Authenticated remote code execution". By exploiting the vulnerable endpoint api.php?mobile/webNasIPS, which leaks sensitive information such as the admin password hash and MAC address, the attacker gains unauthenticated access and can then use another vulnerable endpoint, api.php?mobile/createRaid, with the POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25d
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter of the vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system with the privileges of the web application, which typically runs as root on the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539
Anevia Flamingo XL version 3.2.9 suffers from an SSH sandbox escape via the use of traceroute. A remote attacker can break out of the restricted environment and obtain full root access to the device.
d01a03802c6672cc17ac7216582cc0ad2e643d89808e99df7c959276e761db6d
Anevia Flamingo XL version 3.6.20 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue to execute arbitrary system commands, gaining system access with root privileges.
43b14f668d4cb3067cebaa36c98d98889067ae017e721f40aa4910c9fb7f8585
Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue to execute arbitrary system commands, gaining system access with root privileges.
53e095bd8aa1c01d2554ab8f1b300973ebf09ad1794d93fb1b09c6ffe2266f09
Proof of concept code that exploits three bugs which can be used to gain arbitrary kernel code execution and kernel memory read and write from the untrusted app domain. Kernel code is executed in the context of the root user, and the exploit also disables SELinux. The exploit was tested on a Samsung Galaxy A71 with firmware version A715FXXU3BUB5, Baseband A715FXXU3BUB4 and Kernel version 4.14.190-20973144.
d7fb13a8e212690bea66fdff3ce4d52d05a239e824796af7a580b4f67ac5a57d
Qualcomm kgsl driver use-after-free proof of concept exploit. The bug can be used to gain arbitrary kernel memory read and write from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit was tested on the Samsung Galaxy Z Flip 3 (European version SM-F711B) with firmware version F711BXXS2BUL6, Baseband F711BXXU2BUL4 and Kernel version 5.4.86-qgki-23063627-abF711BXXS2BUL6 (EUX region).
013038a08c172f14d7c3c6abb8e3556978d9037f5c5e575225e2ff3cf63e5655
Proof of concept exploit for a kernel driver bug in the Arm Mali GPU on Android that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit was tested on the Google Pixel 6 with the November 2022 and January 2023 patches.
1c81e6cc4abcfe0ecb1417d1ee980963d887a2109472ab157bbd2c2fa62921ef
Proof of concept exploit for the Arm Mali GPU that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit was tested on the Google Pixel 6. The original exploit that was sent to Google is included as hello-jni.c for reference and was tested on the July 2022 patch of the Pixel 6. Because the Pixel 6 cannot be downgraded from Android 13 to Android 12, an updated version of the exploit, mali_shrinker_mmap.c, is included; it supports various firmware versions of Android 13, including the December patch, which is the latest affected version.
bc50f9e9f9fe69b36613124dc79ca07e6c6523713f3c1192a6204b4ec7783f2c
Proof of concept exploit for a memory corruption vulnerability in the Arm Mali GPU kernel driver that was reported in January 2022. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit was tested on the Google Pixel 6 and supports patch levels from November 2021 to February 2022. Support for other firmware can be added by changing a few image offsets.
66eea2398301c881c76dc1359392bb4e7585bacb1998c8e4de619ba964588857
Proof of concept exploit for GHSL-2023-005. A security patch from the upstream Arm Mali driver was missed in the update for the Pixel phones, and this was reported to Google in January 2023. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit was tested on the Google Pixel 6 running the January 2023 patch.
b4dee085caf18f3a2b27ef4e7e723670fff60eb3022abf602e9819d7317518e8
This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange (IKE) packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP (Firmware version 4.60 to 5.35 inclusive), USG FLEX (Firmware version 4.60 to 5.35 inclusive), VPN (Firmware version 4.60 to 5.35 inclusive), and ZyWALL/USG (Firmware version 4.60 to 4.73 inclusive). The affected devices are vulnerable in a default configuration and command execution is with root privileges.
3332119f6d5058915a969972306dbb9e73aceea251afd2cffb7a4ddeec5a1966
Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
0a3668c0e69cd8ae683363baf9ba82938a5c5b1456134e2145fda35db4ca4ee9
WordPress WP File Manager plugin version 7.1.7 appears to leave backups in a world-accessible directory under the document root.
c9005fcccee0a6133165a91ee9c215da9f0dd7075b27a4f3a42d3ac18c40a37e
WordPress WPtouch Pro version 4 appears to leave backups in a world-accessible directory under the document root.
65984e1a3efd66a52431d7ebf5925f03c78ba05afc631500a01fc5a24e0ea25e
Red Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
51db434bdac9e1d765db7e0ae1a010d796c792f5cce968883d44dfaf31b8adcb
Red Hat Security Advisory 2023-3264-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
e8f110482b397ce1e47cf5d7e98aa19d70eb562abdcedf32f01dd4d680b158e4
Red Hat Security Advisory 2023-3262-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
11d9dda85ca2c49f645d2c1b7dcd437b36abe926970a4eb90e03bad63db3e459
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation by appending extra entries to /etc/sudoers, allowing execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12p1. However, this module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04 and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.
eaefd5435610f2d14b94c9716c1cfacaa1464408e9bb9ca12c02d1fd7cb21f04
This Metasploit module exploits a command injection vulnerability in the IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file, and the undocumented -o argument passes arguments to the rpm utility without validation, leading to command injection with effective-uid root privileges. This module has been tested successfully on AIX 7.2.
f3e0281ebf8cc8be1ea81e0032c40dcbde5f2db791362ec9903abdd761d6ef66
Ivanti Avalanche versions prior to 6.4.0.186 permit MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the application, upload a JSP file, and achieve remote command execution as NT AUTHORITY\SYSTEM.
2d460c161e59ed0128cbce4a78b4bddc06c84edf0d04e1d6643a9c60b4012dc5
Gentoo Linux Security Advisory 202305-19 - A vulnerability has been discovered in Firejail which could result in local root privilege escalation.
a1cc5fd4c53d65e90316083ec113adeb3139a95bfa06da605b2b15ba54807504
Gentoo Linux Security Advisory 202305-14 - A vulnerability has been discovered in uptimed which could result in root privilege escalation. Versions less than 0.4.6-r1 are affected.
bc372404c988cf4e4c037c3f15aa29c339776307d0b656e7b70be7cfcfb1b929
Gentoo Linux Security Advisory 202305-12 - A vulnerability has been discovered in sudo which could result in root privilege escalation. Versions less than 1.9.12_p2 are affected.
b8f9643203a24f27c9e405bdb0297e4ad8adff7235b76a4220ae9bf87e546de1