Xorg X11 server on AIX local privilege escalation exploit.

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.

Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

This is a tool that generates a Linux kernel module for custom rules with Netfilter hooking to block ports, run in hidden mode, perform rootkit functions, etc.

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Unofficial patch for the ASPjar Guestbook login.asp vulnerability that allows bypassing of the authentication process.

Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.

Unofficial temporary fix for the critical Windows WMF vulnerability which Microsoft will patch on 1/10/06. Tested on Windows 2000, Windows XP, and Windows XP Professional 64 Bit. The author recommends switching to the official MS patch when it becomes available. Includes c++ source.

OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows for a hidden user to login with root permissions.

A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz, demonstrated at Shmoocon 4.

Information regarding a simple mitigation to disable 32bit binaries in Linux.

This patch mitigates allowing launcher the ability to execute arbitrary programs.

Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: The phpinfo() function in PHP gives out lots of server information, NAV misses certain folers, JRun problems with web-inf directory, JRun 2.3 arbitrary file retrieval and command execution, Microsoft Session ID cookie marking bug patch, Hotjava Browser 3.0 Javascript bug, Windows ME printer sharing vulnerability, SuSE ncurses vulnerability, NetBSD global 3.55 vulnerability, NetBSD GNU CFEngine remote vulnerability, Cisco VCO/4000 SNMP bug, PAM_MYSQL local and remote bugs, cisco catalyst 3500 xl remote command execution. Security news: Virus threats getting worse, final vote on secret searches expected, protecting freedom of expression, islamic attackers crash israeli web sites, global hacker agreement could affect bug hunters, and more.

L0phtCrack 3 15 day trial - L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operation system. L0phtCrack computes the password from a variety of sources using a variety of methods. Uses include recovering a forgotten password, ensuring that users use strong passwords, retrieving the password of a user in order to impersonate them, or migrating NT users to another platform such as Unix. Tested on Windows 98SE, Windows ME, Windows NT, and Windows 2000.

Advanced NT Security Explorer (ANTExp) is an application for Microsoft Windows NT, Windows 2000 and Windows XP system administrators for finding holes in system security. It analyses user password hashes, and tries to recover plain-text passwords. If it's possible to recover the password in a reasonable time, the password should be considered to be insecure. ANTExp is very fast - tries about 900,000 passwords per second on a Pentium-III/450 CPU. Tested on Windows 95, Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP.

Yahoo Messenger 5.5 and below suffers from a buffer overflow that was originally discovered and fixed in May of 2002, but has since resurfaced. Systems Affected: Windows NT/2000/SP1/SP2/SP3, Windows ME, Windows 95/98, Windows XP.

Gentoo Linux Security Advisory 202004-14 - Multiple vulnerabilities have been found in FontForge, the worst of which could result in the arbitrary execution of code. Versions less than 20200314 are affected.

Gentoo Linux Security Advisory 202004-15 - Multiple vulnerabilities have been found in libu2f-host, the worst of which could result in the execution of code. Versions less than 1.1.10 are affected.

Gentoo Linux Security Advisory 202004-16 - Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Versions less than 1.2.11 are affected.

Gentoo Linux Security Advisory 202004-17 - Multiple vulnerabilities have been found in Django, the worst of which could result in privilege escalation. Versions less than 2.2.11 are affected.

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.