Android getpidcon() ACL Bypass
getpidcon() usage in hardware binder servicemanager on Android permits ACL bypass.
It was discovered that virtual address 0 is mappable via privileged write() to /proc/*/mem on Linux.
This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.
This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading to command injection. An agent registration credential is required to exploit SecureSphere in gateway mode. This […]
ClearOS 7 Community Edition suffers from a cross-site scripting vulnerability.
This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The […]
This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping […]
http://e-lib.ddc.moph.go.th/security/lang.tmp notified by M4L1KL8590X
Tags: defacement
Drupal < 8.5.11 / < 8.6.10 – RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Tags: 0day, remote exploit