A number of exploits and tools I've written for CVEs accredited to Marshall Whittaker/oxagast

oxagast/oxasploits


oxasploits

A number of exploits written by oxagast

Most of these CVEs are accredited to oxagast as well.

Contact: Marshall Whittaker

# CVEs and PoC code

CVE-2006-3392

Webmin <=1.29 remote root exploit

This exploit lifts a Webmin cookie with a directory traversal and arbitrary read exploit, then reuses the cookie with an authenticated-user exploit to get root remotely.

CVE-2010-2626

Perl pipe upload and shell for Miyabi CGI Tools <=1.02 and iOffice 0.1

This exploit uploads a Perl program via buggy Perl open reads (|). After pushing the program, it chmods it and spawns a shell. Should work regardless of whether the server is firewalled or not.

CVE-2016-10401

PK5001Z router remote root exploit

Uses a known telnet user and root password to log in as root.

CVE-2018-17336

UDisks <=2.8.0 DoS

This is example code that crashes udisks2 via a malformed filesystem label. When the filesystem is mounted and the label is logged, a format string vulnerability exists, allowing arbitrary read/write of memory as root.

CVE-2019-12881

Linux Kernel 4.15.x i915 driver NULL pointer dereference

This code demonstrates crafted ioctl calls to the i915 graphics driver that allow overwriting the CR2 register in kernel space, triggering a NULL pointer dereference.

CVE-2019-15947

Bitcoin Core bitcoin-qt wallet.dat recoverable from .core dump

This exploit recovers wallet.dat files that were loaded at the time of a crash from bitcoin-qt .core crash dump files by grepping for a magic string at the beginning of the wallet, calculating the offset, then reconstructing the wallet.dat file(s) with xxd.

CVE-2017-5816

HP iMC dbman.exe PLAT 7.3 command injection exploit

Incorrect sanitization of input leads to a remote code execution vulnerability within dbman.exe of the HP iMC PLAT 7.3 suite. Code executes with SYSTEM privileges.

CVE-2021-3560

Polkit and dbus race condition LPE exploit

A race condition exists in polkit where, if you send dbus messages and then kill the process midway through, incorrect permissions are set on users that were never intended to be able to be created, with system privileges. This leads to local root compromise.

RougeTooth

Abusing Bluetooth HCI_EVT and HID control codes on a Samsung Galaxy S8

If you can get an unsuspecting user to connect to an attacking machine by masquerading it as a speaker (or whatever), you can inject HID codes and take control of the device, to the extent that you can blindly pop a shell if Termux is installed, à la rubber-ducky style. Working PoC and video included.

WoahIsRead

OpenSSH 9.2 SSHd banner symbolic link LPE

OpenSSHd 9.2 and below does not properly check permissions and ownership on files used as banners. If the banner is set to a user-writable file, this allows an attacker to remove the file and create a symbolic link to any root-only readable file on the system (like /etc/shadow, for example), and it will be dumped on the next connection to the sshd daemon. Successful login to sshd is not required for this to work.


# Tools

ansvif

This is a fuzzer, written in C++, designed to find bugs in C/C++ programs.

MAPDAV

This is a tool for building wordlists out of things known about a user.

all_suid.sh

This tool creates a list of all suid 0 executables from apt archives.

autopreter.pl

A tool that builds Metasploit resource scripts from Nmap scans.
