SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

IBM AIX High Availability Cluster Multiprocessing (HACMP) suffers from a local privilege escalation vulnerability that results in root privileges.

IBM AIX versions 6.1, 7.1, and 7.2 suffer from a Bellmail privilege escalation vulnerability.

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

Bull / IBM AIX Clusterwatch / Watchware suffers from having trivial admin credentials, system file writes, and OS command injection vulnerabilities.

Xorg X11 server on AIX local privilege escalation exploit.

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.

This is bash programmable completion for the netfilter.org accounting tool nfacct.

This is bash programmable completion for the conntrack-tools from netfilter.org. The package contains completions for conntrack, conntrackd, and nfct.

iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.

HPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.

This patch mitigates allowing launcher the ability to execute arbitrary programs.

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.

Create-Project Manager version 1.07 suffers from cross site scripting and html injection vulnerabilities.

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.