205 matches found
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2024-25008
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for examp...
CVE-2024-25008 Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for examp...
CVE-2024-25008 Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for examp...
CVE-2024-25008
Ericsson RAN Compute and Site Controller 6610 is affected by an Improper Input Validation vulnerability that can lead to arbitrary code execution, including obtaining a Linux shell with attacker privileges. The issue affects Ericsson RAN Compute and Site Controller 6610 software, with exploitatio...
PT-2024-20697 · Ericsson · Ericsson Ran Compute/Site Controller 6610
Name of the Vulnerable Software and Affected Versions: Ericsson RAN Compute and Site Controller 6610 versions prior to 24.Q2 Description: The issue is related to improper input validation in the Control System, which can lead to arbitrary code execution. For example, it can be used to obtain a...
SUSE-SU-2023:4372-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions bsc1213865...
TFTP Fetch, Linux Command Shell, Bind TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...
TFTP Fetch, Linux Command Shell, Find Port Inline
Fetch and execute an x64 payload from a TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...
Oracle RMAN Missing Auditing
Title: CVE-2020-2978 - Oracle RMAN Audit table point in time recovery not recorded Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: Medium Score: 4.1 Solution Status: Fixed CVE Reference: CVE-2020-2978 Author of Advisory: Emad...
Exploit for Deserialization of Untrusted Data in Apache Log4J
This is a proof-of-concept PoC exploit for CVE-2021-44228, a v...
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Siddartha Sharma and Adhokshaj Mishra Evasive techniques used by attackers, date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls, monitoring agents and modifying...
Denver Smart Wifi Camera SHC-150 - (Telnet) Remote Code Execution Vulnerability
Exploit Title: Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution RCE Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-shc-150/c-1024/c-1243/p-3824 Version: Denver SHC-150 all firmware versions Tested on: Denver SHC-150...
Denver Smart Wifi Camera SHC-150 - 'Telnet' 远程代码执行漏洞
Exploit Title: Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution RCE Date: 27 July 2021 Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-shc-150/c-1024/c-1243/p-3824 Version: Denver SHC-150 all firmware versions Tested o...
Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)
Exploit Title: Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution RCE Date: 27 July 2021 Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-shc-150/c-1024/c-1243/p-3824 Version: Denver SHC-150 all firmware versions Tested o...
iSH - Linux Shell For iOS
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese may be out of date, i...
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials (cisco-sa-ios-iot-vds-cred-uPMp9zbY)
According to its self-reported version, IOS is affected by a server static credentials vulnerability. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through...
Cisco IOS XE Software Web UI RCE (cisco-sa-iosxe-webui-rce-uk8BXcUD)
According to its self-reported version, Cisco IOS XE Software is affected by a remote code execution vulnerability. An authenticated, remote attacker can exploit this, by supplying improperly validated input, to execute arbitrary code with root privileges on the underlying Linux shell. Please see...
CVE-2020-3234
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated but low-privileged, local attacker to log in to the Virtual...
CVE-2020-3210
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...