CentOS Control Web Panel version 0.9.8.836 suffers from an authentication bypass vulnerability.
56140eff369b0e1d3f217bda727af43d8f0f5ceb66c1dcb4909cca19c89f6159
CentOS Control Web Panel version 0.9.8.836 suffers from a privilege escalation vulnerability.
6786ad452c534bb2d1a1aaaed04c6ae8ce8e9dea3946bcbb6f5b478fb4cac7ff
CentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit.
608a9d5a7538ce173fdb713a8da2de1c7c54e2161d857c0ae1d0aa7e4f2899b2
CentOS Web Panel versions 0.9.8.793 (Free), 0.9.8.753 (Pro), and 0.9.8.807 (Pro) suffer from a domain field (Add DNS Zone) cross site scripting vulnerability.
ee3961407a160b37541218eebc898754276a429b1858ce385e94e5bb1c7f1e43
CentOS Web Panel versions 0.9.8.793 (Free) and 0.9.8.753 (Pro) suffer from an email field persistent cross site scripting vulnerability.
90cf8505ed265b5039863670819570430e5a685098f0e31f04e64699ac31401f
CentOS Web Panel version 0.9.8.78 suffers from a persistent cross site scripting vulnerability.
4404e8c938f6d4d0e0d317bd05a0446f824bd543b0d4a1da16bcbf824fe4bf32
CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.
363a981e5d0b6820f7dbde5f83a8e9b84e0cc2a0208e369d24a824efdd7dd5ee
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for the -modulepath and -logfile options when starting Xorg. This allows unprivileged users who can start the server to elevate privileges and run arbitrary code as root. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). A default CentOS install will require console auth for the user's session. Cron launches the payload, so if SELinux is enforcing, exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if it is already running. On exploitation, a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation, artifacts will be created consistent with starting Xorg and running a cron.
720e628b35284931ff0424715e648634cd3ec31db1a89c8b1fff88eddfb6f4ab
CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.
5a8b5c22b6f88d4b23b7a0d7443350b170fd00adeeb921e879705dd19fe1cdd5
CentOS Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.
da7448095beee0a9404501410a6c17d3b84e462f6e9fd8661ca126562704b03a
Linux Kernel version 4.14.7 (Ubuntu 16.04 / CentOS 7) arbitrary file read exploit with KASLR and SMEP bypass.
1ae85ec6d04c32f099ad5a0ffd9c537802c71e873dfb28f79abf9a426f8557a6
This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit module makes use of the roothelper.c exploit from Qualys to insert a new user with UID=0 in /etc/passwd. Note that the password for the current user is required by userhelper. Note that on some systems, such as Fedora 11, the user entry for the current user in /etc/passwd will become corrupted and exploitation will fail. This Metasploit module has been tested successfully on libuser packaged versions 0.56.13-4.el6 on CentOS 6.0 (x86_64); 0.56.13-5.el6 on CentOS 6.5 (x86_64); 0.60-5.el7 on CentOS 7.1-1503 (x86_64); 0.56.16-1.fc13 on Fedora 13 (i686); 0.59-1.fc19 on Fedora Desktop 19 (x86_64); 0.60-3.fc20 on Fedora Desktop 20 (x86_64); 0.60-6.fc21 on Fedora Desktop 21 (x86_64); 0.60-6.fc22 on Fedora Desktop 22 (x86_64); 0.56.13-5.el6 on Red Hat 6.6 (x86_64); and 0.60-5.el7 on Red Hat 7.0 (x86_64). RHEL 5 is vulnerable; however, the installed version of glibc (2.5) is missing various functions required by roothelper.c.
ce28cd945d7001cbd85762b794a3e30da40438ee327042dacf17e52946e63f92
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and in 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables, which allows control over the $ORIGIN library search path, resulting in execution of arbitrary shared objects. This Metasploit module opens a file descriptor to the specified suid executable via a hard link, then replaces the hard link with a shared object before instructing the linker to execute the file descriptor, resulting in arbitrary code execution. The specified setuid binary must be readable and located on the same file system partition as the specified writable directory. This Metasploit module has been tested successfully on glibc version 2.5 on CentOS 5.4 (x86_64), 2.5 on CentOS 5.5 (x86_64) and 2.12 on Fedora 13 (i386). RHEL 5 is reportedly affected, but untested. Some versions of ld.so hit a failed assertion in dl_open_worker, causing exploitation to fail.
9a6bdfa99ad597fe9f9517dd0f8bdc9cdeba67fff5dacc64d849ac9bf5bfbfed
CentOS Web Panel version 0.9.8.12 suffers from a remote SQL injection vulnerability.
3db41401f2e00a5db932e37c8fc0a771ed760a70844c881bcce7d3a12b328d04
CentOS Web Panel version 0.9.8.12 suffers from multiple cross site scripting vulnerabilities.
2f15889b2ebcb4dd99de034b0dc3a99c1c6af1379127f700fd30f0b39f9664e5
CentOS Web Panel version 0.9.8.12 suffers from multiple cross site scripting vulnerabilities.
e08ba1d354490f39f581cf8b0def3996074ffdae9b0652403933c6bfd0029dbd
A Linux PIE/stack corruption vulnerability exists. Most notably, all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.
e629fc1437f3afd0ad4608b004f8c31a78825d7d031176a742308b19fc02b46d
This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
9eb1e6c5340ea76cc93256435c463b701834212afc1bee15eb34fd6f73202c7d
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
7c324e4c61aee597fae1e36e8fbd936e360099156578d347ef8a0c10d633cce6
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
e3bc684fbe0cc5c683f1e0aa4b3c0294f9ee713b3f50398609a3d2677cd20406
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8.
ba9012dd4f49aefcf4379514160c82dc80f1785189dc8f95974035d6f73830f1
HP Security Bulletin HPSBGN03547 3 - A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. Revision 3 of this advisory.
3a3a7da261ca85e7feb593ac3b1137b0a8baf5a5661d975d9cd76acfc0ff825f
CentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.
2e6ff628343956da9862f4ece546ad0fa5bec7f2f3e42781031bd4c8eee3ff37
This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips past testing. Tested against 0.9.6 on Debian, 0.9.6 on CentOS, and 0.10 on Debian.
c66135298bdbc3ecf2b75f9d3d628a64cee1d120ca05cf2ddac7c252fa2aba07
This Metasploit module exploits a command injection vulnerability in HP Client Automation, actually distributed as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default. This Metasploit module has been tested successfully on HP Client Automation 9.00 on Windows 2003 SP2 and CentOS 5.
d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab