### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpServer include M
# With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader # binary that ships with Proxifier = 2.18. # # Unfortunately 2.19 is also vulnerable to a slightly different attack that # yields the same result. # # When Proxifier is
# A couple of weeks ago I disclosed a local root privesc in Hashicorp's # vagrant-vmware-fusion plugin: # # https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw ... # # The initial patch they released was 4.0.21 which unfortu
# I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. # Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out an
# After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned # ruby code that get executed as root by the sudo helper is no more and the sudo helper
# Sera is a free app for mac and iOS that lets you unlock your mac automatically # when your iphone is within a configured proximity. # Unfortunately to facilitate this it stores the users login password in their # home directory at: # ~/Library/Pref
# I recently blogged about how the installation process of version 5.0.0 of this # plugin could be hihacked by a local attacker or malware in order to escalate # privileges to root. Hashicorp pushed some mitigations for this issue fairly # quickly bu
# Another day, another root privesc bug in this plugin. Not quite so serious this # time - this one is only exploitable if the user has the plugin installed but # VMware Fusion *not* installed. This is a fairly unlikely scenario but it's a # straight
# Arq Backup from Haystack Software is a great application for backing up macs and # windows machines. Unfortunately versions of Arq for mac before 5.9.7 are # vulnerable to a local root privilege escalation exploit. # The updater binary has a setper
# I recently blogged about the prevalence of escalation hijack vulnerabilities amongst macOS applications. One example of this is the latest version of Murus # firewall. By design it requires the user to authenticate every time in order to obtain the
=begin As well as the other bugs affecting Arq = 5.9.6 there is also another issue with the suid-root restorer binaries in Arq for Mac. There are three of them and they are used to execute restores of backed up files from the various cloud providers.
