CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

UBUNTU-CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVE-2019-3575

Sqlayamlfixtures 0.9.1 allows local users to execute arbitrary python code via the fixturetext argument in sqlayamlfixtures.load...

McAfee Agent Privilege Vulnerability

McAfee Agent MA is the United States of America McAfee McAfee company's set of Linux-based platform provides ePolicy Orchestrator antivirus management platform and managed products between the security of the client components of communication. A privilege extraction vulnerability exists in...

rust: rustdoc loads plugins from world writable directory allowing for arbitrary code execution

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

CVE-2018-6700

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key TK before 5.1.165 allows local users to execute arbitrary code via specially crafted malware...

Symantec Norton Remove and Reinstall DLL Load Local Code Execution Vulnerability

Symantec Norton Remove and Reinstall is a reinstallation or uninstallation tool. A local arbitrary code execution vulnerability exists in Symantec Norton Remove and Reinstall that stems from a failure to adequately validate user input. An attacker could execute arbitrary code within the environme...

Race condition

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special...

Cisco IOS XE Software CLI Parser OS Command Injection Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices.CLI parser is one of the command line command parsers. The CLI parser in Cisco IOS XE Software is vulnerable to an operating system command injection vulnerability that arises from a program that fails to...

CVE-2018-0224

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...

Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)

function stage4 function mallocsz var backing = new Uint8Array1000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x1000+sz4; window.nogc.pushbacking; var ptr =...

CVE-2017-12552

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVE-2017-12552

CVE-2017-12552 is a local arbitrary command-execution flaw in HPE System Management Homepage (SMH) for Windows and Linux, affecting versions prior to 7.6.1. The root cause is an issue in SMH that permits execution of OS commands from a crafted request. The documented impact includes potential com...

Code injection

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created...

DEBIAN-CVE-2014-0145

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service crash or possibly execute arbitrary code via a large 1 L1 table in the qcow2snapshotloadtmp in the QCOW 2 block driver block/qcow2-snapshot.c or 2 uncompressed chunk, 3 chunk length...

Moxa SoftNVR-IA Live Viewer DLL Local Arbitrary Code Execution Vulnerability

Moxa SoftNVR-IA Live Viewer is a video surveillance software package developed by Moxa for industrial automation systems. A DLL local arbitrary code execution vulnerability exists in Moxa SoftNVR-IA Live Viewer 3.30.3122 and earlier versions, which stems from the program failing to properly filte...

CVE-2017-6249

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A...

PT-2017-6769 · Lenovo · Lenovo Mouse Suite

Name of the Vulnerable Software and Affected Versions: Lenovo Mouse Suite versions prior to 6.73 Description: The issue allows local users to run arbitrary code with administrator privileges. Recommendations: For versions prior to 6.73, update to version 6.73 or later to resolve the issue...

Disk Sorter 9.7.14 Input Directory Buffer Overflow

!/usr/bin/python Exploit Title: DiskSorter v9.7.14 - Local Buffer Overflow Date: 10-06-2017 Exploit Author: abatchy17 -- @abatchy17 Vulnerable Software: DiskSorter v9.7.14 Vendor Homepage: http://www.disksorter.com/ Version: 9.7.14 Software Link:...