LEGAL HACKERS

Dawid Golunski

Information Security.

Security Research.

Legal/ethical Hacking.

Penetration Testing.

Contact

e-mail  >

twitter > @dawid_golunski

Security advisories

Some of the released advisories can be found below:


  1. Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034)
  2. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
  3. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) (0day Patch Bypass/Exploit)
  4. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)
  5. Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
  6. Nagios Core < 4.2.2 Curl Command Injection / Code Execution (CVE-2016-9565 / CVE-2008-4796)
  7. Wget < 1.18 Access List Bypass / Race Condition (CVE-2016-7098)
  8. Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation (CVE-2016-1247)
  9. MySQL / MariaDB / Percona - Privilege Esc. / Race Condition (CVE-2016-6663 / CVE-2016-5616)
  10. MySQL / MariaDB / Percona - Root Privilege Escalation (CVE-2016-6664 / CVE-2016-5617)
  11. Apache Tomcat (RedHat-based distros) - Root Privilege Escalation (CVE-2016-5425)
  12. Apache Tomcat (Debian-based distros) <= 6/7/8 Root Privilege Escalation (CVE-2016-1240)
  13. MySQL / MariaDB / Percona - Remote Root Code Execution / Privilege Esc. (0day) (CVE-2016-6662)
  14. Adobe ColdFusion <= 11 XML External Entity (XXE) Injection (CVE-2016-4264)
  15. vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) (CVE-2016-6483)
  16. Wget < 1.18 Arbitrary File Upload / Remote Code Execution (CVE-2016-4971)
  17. CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability
  18. Exim <= 4.86.2 Local Root Privilege Escalation
  19. Google AdWords API PHP client library <= 6.2.0 PHP Code Execution
  20. Google AdWords API client libraries - XML eXternal Entity Injection (XXE)
  21. eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
  22. eBay Magento <= 1.9.2.1 Unrestricted Cron Script (Potential Code Execution / DoS)
  23. Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
  24. Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
  25. Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM
  26. Nagios - Nagios Plugins - check_dhcp = 2.0.2 Race Condition
  27. Nagios - Nagios Plugins - check_dhcp <= 2.0.1 Arbitrary Option File Read
  28. Nagios - NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
  29. Zabbix <= 1.8.1 SQL Injection
  30. Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection
  31. WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution


PGP key


PoC Videos

  1. PHPMailer / SwiftMailer / Zend-mail - Remote Code Execution
    (CVE-2016-10033 / CVE-2016-10045 / CVE-2016-10074 / CVE-2016-10034)
  2. Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
  3. Nagios Core < 4.2.2 Curl Command Injection / Remote Code Execution (CVE-2016-9565)
  4. MySQL / MariaDB / Percona - Race Cond. & Root Privilege Esc. (CVE-2016-6663 & CVE-2016-6664)
  5. Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation (CVE-2016-1247)
  6. Apache Tomcat (Debian-based distros) <= 6/7/8 Root Privilege Escalation (CVE-2016-1240)
  7. Adobe ColdFusion <= 11 XML External Entity (XXE) Injection Exploit (CVE-2016-4264)