Microsoft Security Response Center (MSRC) updated a security advisory for Microsoft Windows Defender Elevation of Privilege Vulnerability CVE-2023-38175 (7.8 high, disclosed 08 August 2023 on a Patch Tuesday) to include a sizeable Frequently Asked Questions section. It's marked not publicly disclosed, not exploited, and exploitation less likely.
🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38175
"🚨 Critical Vulnerability in Cisco IOS XE Software Web UI! 🚨"
Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system. 🕸️💻
Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure. 🚫🌐
For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory
Interesting #samba smbd #vulnerability CVE-2023-3961 allows samba client to connect to any server side unix domain socket. The access occurs as root user and thus any named unix domain socket is fully accessible. If suitable service exist on the server this will lead to unauthorized access to the service, assuming the socket file access rights are the only means of authorization. The impact depends entirely on the available services on the server, but may lead to #privilegeescalation or similar high severity impacts.
Updated to add: This vulnerability is made more difficult to exploit since the attacker has somewhat limited control on the data being sent to the socket.
Be mindful of python-daemon default umask. For some unfathomable reason the default umask is 0. This leads to newly created files having default permissions of -rw-rw-rw (666) and directories rwxrwxrwx (777), or “world writable”. This can easily lead to #privilegeescalation vulnerabilities if the daemon is running as privileged user.
EASY LINUX PRIVILEGE ESCALATION, WORKS 100% OF THE TIMEEE!!!!111
simply write:
PS1="root@root# "
alias whoami="echo root"
And that's it!!!
works on every Linux system!
This is what real hackers don't want you to know!
Next time: how to protect against this! (hint, just use windowssss?? :O)
Buy my course for more AMAZING TRICKS THEY HIDE FROM YOU!
HACKING HAS NEVER BEEN THIS EASYYYYY!!!!!11112222