352 matches found
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS...
CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...
CVE-2018-12640
CVE-2018-12640 affects Insteon HD IP Camera White 2864-222. The webService binary is vulnerable to a buffer overflow triggered by crafted pid, pwd, or usr keys in a GET request on port 34100. The vulnerability is documented in multiple sources (NVD entry and CNVD/CNVD-related advisories). A relat...
CVE-2018-11481
TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters...
Solaris 10 (sparc) : 148423-01
SunOS 5.10: /usr/ccs/bin/error patch. Date this patch was last updated by Sun : Feb/06/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...
Solaris 10 (sparc) : 141014-01
SunOS 5.10: /usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
CVE-2018-6577
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usrplan parameter in a view=myplans&task=myplans.usersubscriptions request...
CVE-2017-1000372
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions...
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
CVE-2017-5671
CVE-2017-5671 affects Honeywell Intermec PM23/PM42/PM43/PC23/PC43/PD43/PC42 printers (firmware before 10.11.013310 and 10.12.x before 10.12.013309). The vulnerability arises because /usr/bin/lua is installed setuid to the itadmin account, enabling local users to perform a BusyBox jailbreak and es...
Solaris 8/9 ps - Environment Variable Information leak Exploit
Exploit for linux platform in category local exploits !/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright c 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" see ps1B command may allow unprivileged local...
The vulnerability of the Linter Bastion database management system allows a malicious individual to decode user credentials.
User accounts in a database are stored in the system table “$$$USR”. This table contains the names of users and their encrypted passwords. By default, the Linter Bastion database management system encrypts user passwords using the user’s name as the encryption key; that is, the encryption key is...
Moderate: Red Hat Security Advisory: docker security, bug fix, and enhancement update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Brocade Fabric OS 6.3.1b Weak System Configuration
Title: Brocade Fabric OS v6.3.1b - Multiple vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.brocade.com Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9 version Kernel: 2.6.14.2 Fabric OS: v6.3.1b BootProm: 1.0.9 1 Default diagnostic accounts root and factory...
issetugid() + rsh + libmalloc OS X Local Root Exploit
The default root-suid binary /usr/bin/rsh on Mac OS X uses execv in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then...
linux/x86 execve("/usr/bin/ssh", "127.0.0.1") - 50 bytes
// linux/x86 execve"/usr/bin/ssh", "/usr/bin/ssh", "127.0.0.1", NULL - 50 bytes // Febriyanto Nugroho include char shellcode = "\x6a\x0b" "\x58" "\x99" "\x52" "\x68\x2f\x73\x73\x68" "\x68\x2f\x62\x69\x6e" "\x68\x2f\x75\x73\x72" "\x89\xe3" "\x52" "\x6a\x31" "\x66\x68\x30\x2e" "\x66\x68\x30\x2e"...
ALCASAR 2.8 - Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8' 8b Y8aaaaa, d8' 8b 88aaaaaa8P'...
linux/x86 Run /usr/bin/python | setreuid(),execve() - 54 Bytes
Exploit Title: Shellcode Linux x86 Run /usr/bin/python | setreuid,execve Date: 31/7/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo , email protected Shellcode Linux x86 Run /usr/bin/python | setreuid,exec...
SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...
Digital Ultrix 4.0/4.1 /usr/bin/chroot Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17/info By default, /usr/bin/chroot is improperly installed in Ultrix versions 4.0 and 4.1. Anyone can execute /usr/bin/chroot this can lead to system users to gain unauthorized privileges. $ mkdir /tmp/etc $ echo...