September 6, 2019
CVE-2019-10149 Exim 本地权限提升 LPE <!–more–> 正文 git clone https://github.com/dhn/exploits docker build -t vuln/cve-2019-10149 . docker run –rm -it vuln/cve-2019-10149 测试过程 team@blackloutus01 >>> ~/develop/vulhub-master/exploits/CVE-2019-10149 > master > sudo su [sudo] password for team: [root@blackloutus01 CVE-2019-10149]# docker run –rm -it vuln/cve-2019-10149 No directory, logging in with HOME=/ $ cd /tmp $ vim sh $ cat /tmp/sh #!/usr/bin/env […]
September 4, 2019
MikroTik RouterOS 的越狱 (JailBreaks)
September 3, 2019
CVE-2018-14847 MikroTik RouterOS Winbox arbitrary file read 简易复现 <!–more–> 基本信息 Mikrotik 是一家拉脱维亚的路由器设备供应商,绝大多数 Mikrotik 生产的设备运行 RouterOS 操作系统,这个系统的 kernel 也是基于 Linux 的。RouterOS 提供了丰富的管理配置接口: 1) winbox:GUI软件管理; 2) cli:命令配置; 3) webfig :网页图形化管理。 > MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability […]
September 2, 2019
CVE-2019-15107 Webmin RCE
August 30, 2019
CVE-2019-3394: Atlassian Confluence Server 敏感信息读取
August 30, 2019
VSFTPD v2.3.4 Backdoor Command Execution 简易分析