Xorg X11 Server SUID modulepath Privilege Escalation
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges…
PHP Laravel Framework Token Unserialize Remote Command Execution
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not…
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability. ———————————————————————— SySS Security Advisory: Blue Prism Robotic Process Automation (RPA) – Privilege Escalation ———————————————————————— Advisory ID: SYSS-2019-002 Product: Blue Prism Robotic Process Automation (RPA) Manufacturer: Blue Prism Affected Version(s):…
Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware
Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. SANS expert Renato Marinho uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero cryptominer dubbed Kerberods. According to the SANS…
Exploit for Apple iOS version 12.1.3
Following our previous blog post “Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286” we discussed the details of CVE-2019-7286 vulnerability – a double-free vulnerability that was patched in the previous release of iOS and was actively exploited in the wild. There is no public information about…
Stay connected