[remote] Apache Spark – Unauthenticated Command Execution (Metasploit)

[dos] VBScript – 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free

[local] xorg-x11-server < 1.20.3 – 'modulepath' Local Privilege Escalation

[local] HTML5 Video Player 1.2.5 – Buffer Overflow (Metasploit)

[dos] Linux Kernel 4.8 (Ubuntu 16.04) – Leak sctp Kernel Pointer

[webapps] Synaccess netBooter NP-02x/NP-08x 6.8 – Authentication Bypass

[dos] VBScript – 'rtFilter' Out-of-Bounds Read

[webapps] Schneider Electric PLC – Session Calculation Authentication Bypass

TeamCity Agent XML-RPC Command Execution

This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via XML-RPC. In bidirectional mode, the TeamCity server pushes build commands to the Build Agents over TCP port 9090 without requiring authentication. Up until version 10, this was the default configuration. This Metasploit module supports TeamCity agents from version 6.0 onwards.

Mac OS X libxpc MITM Privilege Escalation

This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap port as the parent. By overwriting the bootstrap port and forking […]