:: Deepquest ::

This Metasploit module attempts to gain root privileges by blindly injecting into the session user’s running shell processes and executing commands by calling system(), in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This module has been tested successfully on Debian […]

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges prior to executing user specified commands, resulting in command execution with root privileges. This module has been tested successfully on ktsuss 1.3 on SparkyLinux 6 (2019.08) […]

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, […]

This archive contains all of the 159 exploits added to Packet Storm in August, 2019.

http://www.dms.moph.go.th/dpk.txt notified by UnM@SK

Cisco UCS Director – default scpuser password (Metasploit)

ptrace – Sudo Token Privilege Escalation (Metasploit)

ktsuss 1.4 – suid Privilege Escalation (Metasploit)

Kaseya VSA agent 9.5 – Privilege Escalation

Cisco Email Security Appliance (IronPort) C160 – ‘Host’ Header Injection