This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables, which allows control over the $ORIGIN library search path, resulting in execution of arbitrary shared objects. This Metasploit module opens a file descriptor to the specified suid executable via a hard link, then replaces the hard link with a shared object before instructing the linker to execute the file descriptor, resulting in arbitrary code execution. The specified setuid binary must be readable and located on the same file system partition as the specified writable directory. This Metasploit module has been tested successfully on glibc version 2.5 on CentOS 5.4 (x86_64), 2.5 on CentOS 5.5 (x86_64) and 2.12 on Fedora 13 (i386). RHEL 5 is reportedly affected, but untested. Some versions of ld.so hit a failed assertion in dl_open_worker, causing exploitation to fail.
9a6bdfa99ad597fe9f9517dd0f8bdc9cdeba67fff5dacc64d849ac9bf5bfbfed
WordPress Bookly Lite plugin version 13.2 suffers from a persistent cross-site scripting vulnerability.
1e099cc6690be2bd8587eb15b9d5614597c0c1247f792e3a27b45507ad09905a
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object, which is then loaded with LD_AUDIT, resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.
79d3dcb40544179ef2c545514e54b7352e225d51c57c720672f33d1b717c00e5
Multi Language Olx Clone Script version 2.0.6 suffers from a persistent cross-site scripting vulnerability.
64e50ed099cde351e46f83e423e1d0f8b43ee73da55244234d3947d24a3924ac
Multi Religion Responsive Matrimonial version 4.7.2 suffers from a persistent cross-site scripting vulnerability.
cfed3f090e03e0d3d2a4637df4fcea9eb85049e0840aced24aee1c1658abbf16
Select Your College Script version 2.0.2 suffers from an authentication bypass vulnerability.
38ff594038aa929afa90c92373306ee91db98acc117208e61f10149f49cd4a3c
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
f32c7fd760a45bb521adb8d96c819173fcaed1964bf114e666fcd7cf7ff043a8
DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
2a1c19a15fae3931628d48366690c0774b30ef7952d0bd8404c0f1b59751fbb3