October 2016 - XeroSecurity

Posts archive for October, 2016

xer0dayz Blog

Dirty COW EoP PoC (CVE-2016-5195)

Quick and dirty PoC for Dirty Cow CVE-2016-5195 by [email protected] Source code here: https://github.com/dirtycow/dirtycow.github.io

October 24, 2016 xer0dayz Exploits & PoC's, Hacking Tutorials, Uncategorized No comments yet

CVE-2016-4401 – Unauthenticated Database Credential Leak In Aruba ClearPass

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt

It is possible for an unauthenticated user with network access to a ClearPass server to expose database credentials.  
This vulnerability leads to complete system compromise.

Severity: CRITICAL
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered by [email protected] and reported through the BugCrowd managed bug bounty
program.

FIX: Fixed in 6.5.7 and 6.6.2

Bounty: $1,500

October 17, 2016 xer0dayz Bug Bounties, CVE's, Uncategorized No comments yet

Sn1per Professional v6.0 $40.00

Sn1per Professional v6.0 now available! December 17, 2018
Bug Bounty Recon Like A Pro October 9, 2018
IPSwitch MoveIt Stored Cross Site Scripting (XSS) January 15, 2018
Exploiting Python Deserialization Vulnerabilities September 4, 2017
Exploiting Path Traversal in PSPDFKit for Android (2.3.3 – 2.8.0) August 11, 2017
Advanced Client Side Exploitation Using BeEF April 15, 2017
Aruba Networks AP-205 (Multiple Vulnerabilities) February 17, 2017
WordPress 4.7.0 – 4.7.1 REST API Content Injection Exploit February 1, 2017
Dirty COW EoP PoC (CVE-2016-5195) October 24, 2016
CVE-2016-4401 – Unauthenticated Database Credential Leak In Aruba ClearPass October 17, 2016
Zabbix 2.2.x, 3.0.x SQL Injection/RCE 0day Vulnerability August 17, 2016
Droopy Boot2Root CTF Solution May 15, 2016
Exploiting PHP Serialization/Object Injection Vulnerabilities April 15, 2016
MS16-032 SYSTEM Privilege Escalation Exploit April 15, 2016
Pwning Windows Domains From The Command Line February 15, 2016