
Explore Vulnerabilities


Explore all Exploits:

SystemTap MODPROBE_OPTIONS Privilege Escalation

This module attempts to gain root privileges by exploiting a vulnerability in the `staprun` executable included with SystemTap version 1.3. The `staprun` executable does not clear environment variables prior to executing `modprobe`, allowing an arbitrary configuration file to be specified in the `MODPROBE_OPTIONS` environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on systemtap 1.2-1.fc13-i686 on Fedora 13 (i686), and on systemtap 1.1-3.el5 on RHEL 5.5 (x64).

ManageEngine Applications Manager 11.0 < 14.0 SQL Injection / Remote Code Execution

This module exploits SQL and command injection vulnerabilities in ManageEngine Applications Manager 14 and prior versions. An unauthenticated user can gain "system" privileges on the server through the SQL injection vulnerability. The exploit writes an arbitrary file to the system using PostgreSQL functionality. The module writes the payload into a file with the ".vbs" extension, which ManageEngine uses for monitoring and runs with "system" privileges. In addition, it dumps the users and passwords from the database. Keep in mind that after the malicious ".vbs" file is written, the shell session may be somewhat delayed, because the ManageEngine application has to run this file itself.

Heap Corruption in Oracle Java Runtime Environment

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (the latest at the time of this writing) while fuzz-testing its TrueType font processing, which is implemented in the proprietary t2k library. It manifests itself in the form of a crash when running the command 'bin/java -cp . DisplaySfntFont test.ttf'. The crash can also be triggered under Valgrind on Linux platforms.

MailCarrier 2.51 – SEH Remote Buffer Overflow in "RETR" command (POP3)

This exploit takes advantage of a remote buffer overflow vulnerability in the "RETR" command of the MailCarrier 2.51 POP3 server. By sending a specially crafted request, an attacker can overwrite the Structured Exception Handler (SEH) and gain control of the program flow. This exploit creates a bind shell on port 443 and waits for a connection from the attacker.

LUAFV NtSetCachedSigningLevel Device Guard Bypass

The NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard. The exploit involves creating a file with the contents of a valid Microsoft signed file, virtualizing that file using LUAFV, copying an unsigned executable to the virtual store with the target virtualized name, and calling NtSetCachedSigningLevel on the virtualized file.
