Subscribe via feed.
Archive for March, 2022

Dirty Pipe Linux Privilege Escalation

Posted by deepcore under exploit (No Respond)

Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

Dirty Pipe SUID Binary Hijack Privilege Escalation

Posted by deepcore under exploit (No Respond)

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.

http://phon-thong.go.th

Posted by deepcore under defacement (No Respond)

http://phon-thong.go.th notified by 1877

Tags:

http://www.takdad.go.th

Posted by deepcore under defacement (No Respond)

http://www.takdad.go.th notified by 1877

Tags:

http://www.nongleng-bk.go.th

Posted by deepcore under defacement (No Respond)

http://www.nongleng-bk.go.th notified by 1877

Tags:

http://www.tohdeng.go.th

Posted by deepcore under defacement (No Respond)

http://www.tohdeng.go.th notified by 1877

Tags:

[local] Audio Conversion Wizard v2.01 – Buffer Overflow

Posted by deepcore under Security (No Respond)

Audio Conversion Wizard v2.01 – Buffer Overflow

Tags: ,

[local] Cobian Backup 0.9 – Unquoted Service Path

Posted by deepcore under Security (No Respond)

Cobian Backup 0.9 – Unquoted Service Path

Tags: ,

[webapps] Webmin 1.984 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

Webmin 1.984 – Remote Code Execution (Authenticated)

Tags: ,

Foxit PDF Reader 11.0 Unquoted Service Path

Posted by deepcore under exploit (No Respond)

Foxit PDF Reader version 11.0 suffers from an unquoted service path vulnerability.