7194 matches found
Dell Command Intel vPro Out of Band 安全漏洞
Dell Command | Intel vPro Out of Band is an application from Dell, Inc. that provides an out-of-band management solution. You are able to remotely manage client systems regardless of the power status of the system. A security vulnerability exists in Dell Command Intel vPro Out of Band. A locally...
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Specific Go Packages...
Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
ASUS RT-AC68U 路径遍历漏洞
The ASUS RT-AC68U is a router from Asus China. A security vulnerability exists in ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634, which originates from a directory traversal vulnerability in the cloud disk. An attacker can exploit this vulnerability to write to arbitrary files ...
CVE-2021-37315
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
An app may be able to execute arbitrary code with kernel privileges Module Options msf use exploit/osx/local/macdirtycow msf exploitmacdirtycow show targets ...targets... msf exploitmacdirtycow set TARGET msf exploitmacdirtycow show options ...show and set options... msf exploitmacdirtycow exploi...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...
CVE-2022-47769
CVE-2022-47769 involves Serenissima Informatica Fast Checkin v1.0 and is an arbitrary file write vulnerability. An unauthenticated attacker can upload malicious files to the web root, which can lead to full server access via a web shell. The underlying issue is improper handling of file uploads a...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...
yaffshiv 路径遍历漏洞
yaffshiv is a simple YAFFS filesystem parser and extractor from the devttys0 personal developer. A security vulnerability exists in yaffshiv. An attacker can exploit this vulnerability to write arbitrary files outside of the extraction directory by crafting a malicious YAFFS file...
VulnCheck KEV: CVE-2020-6008
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...
CentOS: Security Advisory for sudo (CESA-2023:0291)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
sudo security update
CentOS Errata and Security Advisory CESA-2023:0291 An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
EulerOS Virtualization 3.0.2.2 : gzip (EulerOS-SA-2023-1258)
According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...
CVE-2022-39045
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...