This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
MiniDVBLinux version 5.4 suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.
Backdoor.Win32.Redkod.d malware suffers from a hardcoded credential vulnerability.
WiFi File Transfer version 1.0.8 suffers from a cross-site scripting vulnerability.
MiniDVBLinux version 5.4 suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root through the command GET parameter in /tpl/commands.sh.
WordPress Photo Gallery plugin version 1.8.0 suffers from a cross-site scripting vulnerability.
MiniDVBLinux versions 5.4 and below suffer from an arbitrary file disclosure vulnerability.
This is a write-up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.
Zentao Project Management System version 17.0 suffers from an authenticated remote code execution vulnerability.
During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross-site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and…