what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 3,675 RSS Feed

Root Files

Ubuntu Security Notice USN-6458-1
Posted Oct 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6458-1 - It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user.

tags | advisory, arbitrary, root
systems | linux, unix, ubuntu
advisories | CVE-2022-29500, CVE-2022-29501, CVE-2022-29502
SHA-256 | fd8be9a6e4a0f304eeeaae3e16f54de466dd929852f00ffb10c2647f58340c01
VMWare Aria Operations For Networks SSH Private Key Exposure
Posted Oct 24, 2023
Authored by h00die, Harsh Jaiswal, Rahul Maini, SinSinology | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

tags | exploit, remote, root
advisories | CVE-2023-34039
SHA-256 | 64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562
Gentoo Linux Security Advisory 202310-08
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-8 - A root privilege escalation through setuid executable and cron job has been discovered in man-db. Versions greater than or equal to 2.8.5 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2018-25078
SHA-256 | e4aabe866e1c6ec648f354ecbe47520ee91be112fc27b1f17b9e4e613a3bc3ab
Gentoo Linux Security Advisory 202310-02
Posted Oct 3, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-2 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056, CVE-2021-1076, CVE-2021-1077, CVE-2021-1090, CVE-2021-1093, CVE-2021-1094, CVE-2021-1095, CVE-2022-21813, CVE-2022-21814, CVE-2022-28181, CVE-2022-28183, CVE-2022-28184
SHA-256 | e1c6f338635adcbb35a166273024df96da7e5ca947db3cceedbfe4f89dc0a07d
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
Gentoo Linux Security Advisory 202309-12
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2023-27320, CVE-2023-28486, CVE-2023-28487
SHA-256 | b940b3b516fd26ec5cc5512a463203093e3dfccdc1c85bd20bb756f9fa018e43
Gentoo Linux Security Advisory 202309-09
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-9 - Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. Versions greater than or equal to 2.0.5_rc2 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2018-16877, CVE-2018-16878, CVE-2019-3885, CVE-2020-25654
SHA-256 | 83230435490a2f87299de357c01862d8ce15a18f158d7d5d9815b00668d7dd10
TOTOLINK Wireless Routers Remote Command Execution
Posted Sep 21, 2023
Authored by h00die-gr3y, Kazamayc | Site metasploit.com

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running - which is typically root.

tags | exploit, arbitrary, root
advisories | CVE-2023-30013
SHA-256 | fc2e74774d3c46b6268870bd1ebc63fc2bde4c03b9aa77f9c16fb05791fe2e00
Gentoo Linux Security Advisory 202309-06
Posted Sep 18, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.

tags | advisory, remote, root, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2007-4559, CVE-2016-2124, CVE-2020-17049, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-20251, CVE-2021-20316, CVE-2021-23192, CVE-2021-3670, CVE-2021-3738, CVE-2021-44141
SHA-256 | 6a49581d3fdfb4a2202121f6c5b6544b859edc2a8b279089f9dbccf4ce66b153
Ivanti Sentry Authentication Bypass / Remote Code Execution
Posted Sep 13, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.

tags | exploit, root, code execution
advisories | CVE-2023-38035
SHA-256 | ea4bf146aae20e6532518f5f14a0339f6c32348de42b3b15936e869ed48d8e04
VMware vRealize Log Insight Unauthenticated Remote Code Execution
Posted Sep 11, 2023
Authored by Ege Balci, Horizon3.ai Attack Team | Site metasploit.com

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution via triggering a RemotePakDownloadCommand command via the exposed thrift service after obtaining the node token by calling a GetConfigRequest thrift command. After the download, it will trigger a PakUpgradeCommand for processing the specially crafted PAK archive, which then will place the JSP payload under a certain API endpoint (pre-authenticated) location upon extraction for gaining remote code execution. Successfully tested against version 8.0.2.

tags | exploit, remote, arbitrary, root, vulnerability, code execution, info disclosure
advisories | CVE-2022-31704, CVE-2022-31706, CVE-2022-31711
SHA-256 | 2e4132d3093987ff065179429e52ff5e9baad8185fde7f58136c18d0aa950a90
OpenTSDB 2.4.1 Unauthenticated Command Injection
Posted Sep 8, 2023
Authored by Erik Wynter, Gal Goldstein, Daniel Abeles | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.

tags | exploit, remote, root, code execution
advisories | CVE-2023-25826, CVE-2023-36812
SHA-256 | 34f1ed88046d0a1cb1d6424711b6f621117f401a0d42ebfc307dc277ada181d2
Kingo ROOT 1.5.8 Unquoted Service Path
Posted Sep 5, 2023
Authored by Anish Feroz

Kingo ROOT version 1.5.8 suffers from an unquoted service path vulnerability.

tags | exploit, root
SHA-256 | 15d004eafd004ef186559710d16b83e93f1983a89a80746dae43f1c8491e7c72
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
Posted Aug 18, 2023
Authored by Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root.

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2023-22809
SHA-256 | 9caf2d86fd42cb7a6098a98695d2f0c8ac71c65afef31f1c6345f008453f417a
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
Posted Aug 18, 2023
Authored by Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password.

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2023-20224
SHA-256 | f0f074bfbbdfcf50b89b456bedfa1d6e2dad916eb9c805528576e82777cae103
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
Posted Aug 18, 2023
Authored by Hank Leininger, Jim Becher | Site korelogic.com

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password.

tags | exploit, root
systems | cisco
advisories | CVE-2023-20217
SHA-256 | 9a639b868d2a607d6808f5cc9c66c20f4c697461ce4034c2ce7534df93c6ec6e
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit, root
advisories | CVE-2023-22957
SHA-256 | 29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70f
Ubuntu Security Notice USN-6292-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2022-3650
SHA-256 | 75967740ce1a9069be3b5ffdad890e66bf3af3e56b32fbff26a28baf8de418c4
eLitius 1.0 Backup Disclosure
Posted Aug 15, 2023
Authored by indoushka

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896
systemd 246 Local Root Privilege Escalation
Posted Aug 11, 2023
Authored by Iyaad Luqman K

systemd version 246 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2023-26604
SHA-256 | 5c18cab732f4f9e274da14d6344836a1cdf72bc01779fa89312ba4b4814d364b
e2 Distr CMS 2.8.5.3 Backup Disclosure
Posted Aug 10, 2023
Authored by indoushka

e2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 5433c74f920760e59a3889a4eb94f7621298cabe8eddf15f30585be24f026e98
Citrix ADC (NetScaler) Remote Code Execution
Posted Aug 4, 2023
Authored by Ron Bowes, Spencer McIntyre, Douglass McKee | Site metasploit.com

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.

tags | exploit, remote, web, overflow, root, code execution
advisories | CVE-2023-3519
SHA-256 | 94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
VMWare Aria Operations For Networks Remote Command Execution
Posted Jul 26, 2023
Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-20887
SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
WordPress Duplicator 3.8.7 Backup Disclosure
Posted Jul 25, 2023
Authored by indoushka

WordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 8f7867098777bfb7d7988fcc7cf6d15c45a7a00aa260411393d341e6ecc3e473
Page 4 of 147
Back23456Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close