/*
Go PoC exploit for git-lfs - Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go
Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io
Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual
n. It seems like the 1.4.23
version that got released is also vulnerable.
Regards,
Dawid Golunski
https://legalhackers.com
https://ExploitBox.io
t: @dawid_golunski
On Wed, Apr 19, 2017 at 2:17 PM, Filippo Cavallarin wrote:
> Hi Dawid,
> ok great, I added the credits to the advisory..
ould be rejected and marked as duplicate, but I don't
> know how to handle situations like this.. any idea?
> In the meantime, do you want me to put your name in the credits on my website?
>
> Best,
> Filippo
>
>> On 19 Apr 2017, at 16:36, Dawid Golunski wrote:
>>
Hi Filippo,
I actually reported this vulnerability to the vendor at the beginning
of this year. I also got the following CVEID assigned for it in
January: CVE-2017-5181.
I was waiting on the vendor to patch the vulnerability since then
before I publish the details.
Has he got back to you?
On
:
https://security.gentoo.org/glsa/201701-22
Follow:
https://twitter.com/dawid_golunski
for more vulns.
Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golunski
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo
Zend Framework < 2.4.11 Remote Code Execution (CVE-2016-10034)
zend-mail < 2.7.2
Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Desc:
Independent research uncovered a critical vulnerability in zend-mail, a
Zend Framework component that could potentia
Vulnerability:
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Severity: CRITICAL
Desc:
Independent research uncovered a critical vulnerability in SwiftMailer that
could potentially be used
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Desc:
I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is po
tml
and the feed:
https://twitter.com/dawid_golunski
--
Regards,
Dawid Golunski
https://legalhackers.com
t: @dawid_golun
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]
Severity: CRITICAL
Discovered by:
Dawid Golunski (@dawid_golunski)
https://legalhackers.com
PHPMailer
"Probably the world's most popular code for sending email from PHP!
Used by many open-source projects: WordPress,
Vulnerability:
Nagios Core < 4.2.4 Root Privilege Escalation
CVE-2016-9566
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Severity: High
Nagios Core daemon in versions below 4.2.4 was found to perform unsafe
operations when handling the log file. This could
Vulnerability:
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution
CVE-2016-9565
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Severity: High
Nagios Core comes with a PHP/CGI front-end which allows viewing the status
of the monitored hosts.
T
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition
CVE-2016-7098
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Severity: Medium
GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerabil
Vulnerability: Nginx (Debian-based distros) - Root Privilege
Escalation (CVE-2016-1247)
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure
CVE-2016-6664 / (Oracle) CVE-2016-5617
Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation
Discovered by:
Dawid Golunski
@dawid_golunski
https://legalhackers.com
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected
by a privilege escalation vulnerability
CVE-2016-6663 / OCVE-2016-5616
Vulnerability: MySQL / MariaDB / PerconaDB - Privilege Escalation /
Race Condition
Discovered by:
Dawid Golunski
@dawid_golunski
http://legalhackers.com
Affected versions:
MariaDB
< 5.5.52
< 10.1.18
< 10.0.28
MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.
/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html
--
Regards,
Dawid Golunski
http://legalhackers.com
Vulnerability: Apache Tomcat packaging on RedHat-based distros
CVE-2016-5425
Discovered by:
Dawid Golunski (http://legalhackers.com)
Affected systems: Multiple Tomcat packages on RedHat-based systems
including: CentOS, Fedora, OracleLinux, RedHat etc.
Short Description:
Apache Tomcat packages
CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros - Local Root
Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the
affected deb packages)
Discovered by:
Dawid Goluns
lhackers.com
or my twitter feed:
https://twitter.com/dawid_golunski
Thanks for reading all of that (if you got here that is :)
--
Regards,
Dawid Golunski
http://legalhackers.com
On Tue, 13 Sep 2016 12:27:29 +0200, Mark Koek wrote:
> Well, 'remote root'... The PoC asks
Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52
Discovered by:
Dawid Golunski
http://legalhackers.com
Independent research has revealed
Vulnerability: Adobe ColdFusion <= 11 XXE Injection
CVE: CVE-2016-4264
Vendor ID: APSB16-30
Discovered by: Dawid Golunski (http://legalhackers.com)
Adobe ColdFusion in versions 11 and below is vulnerable to XXE
Injection when processing untrusted office documents.
Depending on a
etin-SSRF-Vulnerability-Exploit.txt
--
Regards,
Dawid Golunski
http://legalhackers.com
has been made public.
You can see my full advisory at:
http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt
--
Regards,
Dawid Golunski
http://legalhackers.com
http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
=
- Release date: 12.05.2016
- Discovered by: Dawid Golunski
- Severity: Medium
=
I. VULNERABILITY
-
CakePHP
this is silly to take credit for.
>
>
>> On Mar 10, 2016, at 11:20, Dawid Golunski wrote:
>>
>> Advisory URL:
>> http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt
>>
>> =====
>> - Rel
Advisory URL:
http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt
=
- Release date: 10.03.2016
- Discovered by: Dawid Golunski
- Severity: High/Critical
=
I. VULNERABILITY
Advisory URL:
http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
=
- Release date: 06.11.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=
I
Advisory URL:
http://legalhackers.com/advisories/Google-AdWords-PHP-Client-library-PHP-Code-Execution.txt
=
- Release date: 06.11.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=
I
same link:
http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt
The Magento/Zend Framework exploit provided was successfully tested on
a new PHP version of 5.6.14, released a month ago.
Regards,
Dawid Golunski
http://legalhackers.com
eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
eBay Magento EE <= 1.14.2.1
Details at:
http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt
Regards,
Dawid Golunski
http://legalhacke
=
- Release date: 14.09.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=
I. VULNERABILITY
-
Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
=
- Release date: 14.09.2015
- Discovered by: Dawid Golunski
- Severity: High
=
I. VULNERABILITY
-
Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
II. BACKGRO
=
- Release date: 12.08.2015
- Discovered by: Dawid Golunski
- Severity: High
- CVE-ID: CVE-2015-5161
=
I. VULNERABILITY
-
Zend Framework <= 2.4.2 XML eXternal Entity Inject
=
- Release date: 28.06.2014
- Discovered by: Dawid Golunski
- Severity: Moderate
=
I. VULNERABILITY
-
check_dhcp - Nagios Plugins = 2.0.2 Race Condition
II. BACKGROUND
=
- Release date: 15.05.2014
- Discovered by: Dawid Golunski
- Severity: Moderate
=
I. VULNERABILITY
-
check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read
II. BACKGRO