LibreNMS version 1.46 addhost remote code execution exploit.
>> ARCHIVE: 2019-06
LibreNMS version 1.46 addhost remote code execution exploit.
Google Chrome suffers from a use-after-free vulnerability in AudioWorkletGlobalScope::Process.
JS execution inside ScriptForbiddenScope can lead to a use-after-free condition in Google Chrome.
There’s a task in Windows Task Scheduler called “SilentCleanup” which, while it’s executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%system32cleanmgr.exe. Since it…
LibreNMS 1.46 – ‘addhost’ Remote Code Execution
Linux/x86 – Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)
Windows/x86 – Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)
D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability.
Linux/x86 – ASCII AND, SUB, PUSH, POPAD Encoder Shellcode
Windows/x86 – bitsadmin Download and Execute (http://192.168.10.10/evil.exe “c:evil.exe”) Shellcode (210 Bytes)