Posted by Pedro Ribeiro on Nov 06

Hi,

This is the 6th part of the ManageOwnage series. For previous parts see [1].

This time we have two 0 day vulns (CVE-2014-6038 and 6039) that can be
abused to dump information from the database and obtain the superuser
credentials for Windows and AS/400 hosts which are managed by EventLog
Analyzer. A Metasploit module has also been released and should be
integrated in the framework in the next few days [2].

I’m releasing these as a 0…