Archive for November, 2018

[remote] Apache Spark – Unauthenticated Command Execution (Metasploit)

Posted by deepcore under Security (No Respond)

[dos] VBScript – 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free

Posted by deepcore under Security (No Respond)

[local] xorg-x11-server < 1.20.3 – 'modulepath' Local Privilege Escalation

Posted by deepcore under Security (No Respond)

[local] HTML5 Video Player 1.2.5 – Buffer Overflow (Metasploit)

Posted by deepcore under Security (No Respond)

[dos] Linux Kernel 4.8 (Ubuntu 16.04) – Leak sctp Kernel Pointer

Posted by deepcore under Security (No Respond)

[webapps] Synaccess netBooter NP-02x/NP-08x 6.8 – Authentication Bypass

Posted by deepcore under Security (No Respond)

[dos] VBScript – 'rtFilter' Out-of-Bounds Read

Posted by deepcore under Security (No Respond)

[webapps] Schneider Electric PLC – Session Calculation Authentication Bypass

Posted by deepcore under Security (No Respond)

TeamCity Agent XML-RPC Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via XML-RPC. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was the default configuration. This Metasploit module supports TeamCity agents from version 6.0 onwards.

Mac OS X libxpc MITM Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap port as the parent. By overwriting the bootstrap port and forking […]