-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
additional info from the Twitters #16
Comments
I've tested apache-ssl-linux_v1,2,3 on OpenSSL 1.0.2g-1ubuntu4.6; whatever vulnerability they were exploiting has been patched. |
You can open a PR with the following information - it's community based anyway (I didn't check all of them) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Not sure if you want to integrate the following, how you want to credit, etc. So opening a ticket instead of a PR.
https://twitter.com/RevBits/status/851083571506929670
Our early analysis: "esna" is a 0day RCE for iPlanet Messaging Server.Have hardcoded offsets for different versions
https://twitter.com/juliocesarfort/status/850755910322532353
up/extinctspinach seems to be exploiting this vulnerability from 2001 in Chili!Soft:
https://lwn.net/2001/0222/a/sec-chilisoft.php3
https://twitter.com/buherator/status/851170464466653185
estopmoonlit is a Linux kernel exploit
https://twitter.com/buherator/status/851169307060994048
estesfox is a logwatch race condition privesc, probably CVE-2002-0162 http://www.securityfocus.com/bid/4374 (possible bug collision?)
https://twitter.com/buherator/status/851173226088730625
evolvingstrategy seems to exploit a basic SUID command injection in /var/emdg/sbin/iptaction - any ideas what this SW is?
https://twitter.com/buherator/status/851174712965312512
./Linux/bin/EE is a remote post-auth proftpd 1.2.8 exploit
https://twitter.com/buherator/status/851176013103026176
ESCROWUPGRADE seems like this Solaris cachefsd exploit by LSD - copyright notice removed :P https://www.exploit-db.com/exploits/21437/
https://twitter.com/GlassKeys/status/850780470682030081
xmlrpc.php used in Drupal, b2evolution, TikiWiki
https://twitter.com/buherator/status/850710836259815424
Based on strings EXACTCHANGE looks like a kernel exploit
https://twitter.com/juliocesarfort/status/850753804790312968
/Linux/bin/apache-ssl-linux seems to be a variant of openssl-too-open.c SSL2 KEY_ARG overflow - maybe OpenFuckv2?
https://twitter.com/adriaan92/status/850746329578638289
ELECTRICSLIDE: "Heap Overflow in squid 2.5.STABLE1-2 redhat 9.0" #shadowbrokers
https://twitter.com/RevBits/status/851077319485784064
Our early analysis: sneer is a 0day remote root exploit for SunOS snmp agent, mibissa. Uses UDP. ~takes 4:04 mins
https://twitter.com/hackerfantastic/status/850797960652890112
dw.linux - this looks like a previously unknown one (0day?), RPC dmispd exploit for Solaris 6 / 7 / 8
The text was updated successfully, but these errors were encountered: