Linux

Drupal core - SQL injection Exploit

This update adds an exploit for Drupal core CMS 7.x versions prior to 7.32 in the default configuration (CVE-2014-3704).

Symantec Messaging Gateway performRestore OS Command Injection Exploit

Symantec Messaging Gateway is prone to an Authentication Bypass vulnerability that allows attackers to take advantage of improper validation of user-supplied data in the RestoreAction.performRestore method. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.

Spectre Checker (CVE-2017-5153)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Linux Kernel Dirty COW Race Condition Privilege Escalation Exploit Update

This module exploits a race condition vulnerability in the Linux Kernel via MAP_PRIVATE COW. The bug lies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. This update improves the post-escalation execution.

Meltdown Checker Update (CVE-2017-5154)

This module performs a local check to detect whether the target is vulnerable to CVE-2017-5154 (aka Meltdown). This update adds Windows support.

Linux waitid Privilege Escalation Exploit Update

The waitid implementation in upstream kernels did not restrict the target destination to which information results are copied. This can allow local users to write to otherwise protected kernel memory, which can lead to privilege escalation. This update fixes the way non-vulnerable targets are handled.

GoAhead WebServer Remote Code Execution Exploit

Embedthis GoAhead before 3.6.5 and after 2.5.0 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.

Meltdown Checker (CVE-2017-5154)

This module performs a local check to detect whether the target is vulnerable to CVE-2017-5154 (aka Meltdown).

Linux waitid Privilege Escalation Exploit

The waitid implementation in upstream kernels did not restrict the target destination to which information results are copied. This can allow local users to write to otherwise protected kernel memory, which can lead to privilege escalation.

REDDOXX Appliance ExecuteDiag Remote Command Injection Exploit

This module exploits a command injection vulnerability in REDDOXX Appliance to install an agent.