This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC-based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8 running kernel 3.4. Vulnerable OS: all OS images available for Orange Pis, any for FriendlyARM's NanoPi M1, SinoVoip's M2+ and M3, Cubietech's Cubietruck and Linksprite's pcDuino8 Uno. Exploitation may be possible against Dragon (x10) and Allwinner Android tablets.
This module attempts to exploit CVE-2014-0038 by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels built in: 3.8.0-19-generic (13.04 default), 3.11.0-12-generic (13.10 default), 3.11.0-15-generic (13.10). This exploit may take up to 13 minutes to run, because it relies on a pointer that decrements once per second, starting at 0xff*3 (765 seconds).
A MITM attacker can manipulate assisted GPS/GNSS data provided by Qualcomm, which can cause Android devices to crash remotely and force a halt and then a soft reboot. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm.
The XML parser in use resolves external XML entities, which allows attackers to read files from the local filesystem and to perform port scans.
A Cross-Site Request Forgery (CSRF) vulnerability exists in PHP Enter 4.2.7 which allows an attacker to add a new post to the blog without authentication. The vulnerability exists due to the lack of CSRF protection in the 'addnews.php' script, which is called when a user submits a new post.
A Cross-Site Request Forgery (CSRF) vulnerability exists in BirdBlog 1.4.0 which allows an attacker to add a new post to the blog without authentication. An attacker can craft a malicious HTML page that contains a form with hidden fields and have it submitted to the vulnerable application, which then processes the request as if it were submitted by an authenticated user.
Minecraft's launcher (minecraftLauncher.exe) suffers from an elevation of privileges vulnerability which can be abused by an unprivileged user who replaces the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'F' (Full) flag is granted to the 'Users' group, making the entire 'Minecraft' directory, its files and its subdirectories world-writable. This allows an attacker to inject code or replace the MinecraftLauncher executable and have it run in the context of the system.
A Cross-Site Request Forgery (CSRF) vulnerability exists in Spacemarc News which allows an attacker to add a new post on behalf of an authenticated user. The attacker can craft a malicious HTML page containing a forged request to the vulnerable application. When the victim visits the malicious page, the forged request is sent to the vulnerable application, resulting in the addition of a new post.
This exploit allows an attacker to add a new post to the Maian Weblog 4.0 application. The attacker can craft a malicious HTML page containing a form with hidden fields that submits the data to the vulnerable application. The attacker can then send the malicious page to an authenticated user of the application; when the user visits the page, the form is submitted automatically, resulting in the addition of a new post to the application.
Zend Studio IDE v13.5.1 is vulnerable to privilege escalation due to insecure permissions on its files and installation directory: the “Everyone” group has full access to them. This allows low privileged users to execute arbitrary code in the security context of any other user with elevated privileges on the affected system. An attacker can replace or modify the files, allowing them to inject code or replace the ZendStudio executable and have it run in the context of the system.