18 matches found
PT-2026-45006
NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...
EUVD-2019-4994
Malware in sbrugna...
CVE-2025-34200
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to...
CVE-2025-34200 Vasion Print (formerly PrinterLogic) Network Account Password Stored in Cleartext
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to...
CVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
PT-2022-6375 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to a command injection vulnerability. An authenticated user with access to the local shell and the privilege to gather logs from the cluster could potentiall...
Authorization Bypass
clamav is vulnerable to authorization bypass. The vulnerability exists as a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could...
CVE-2020-3350 Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability
The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. An input validation error vulnerability exists in the Valleylab FT10 and Valleylab FX8, which can be exploited by an attacker to gain local shell access...
CVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
CVE-2019-13539
CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...
CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
CVE-2018-10905
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
Local Privilege Escalation
Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges (Ref PAN-61104/100499/CVE-2016-9151). A potential attacker with local shell access could manipulate arbitrary environment variables which could result...
CVE-2016-1435
Cisco 8800 phones with software 11.01 do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014...
Multiple Cisco IP Phones Firmware Image Upload Vulnerability
A vulnerability in the TFTP implementation of the Cisco Small Business SPA30X and SPA50X IP Phones could allow an unauthenticated, local attacker to load arbitrary firmware images onto the affected device. The vulnerability is due to insufficient file integrity checks of the firmware image. An...
SOL17049 - PHP vulnerability CVE-2015-4598
Important: Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products, to trigger ...
Kootenay Web Inc whois 1.0 - Remote Command Execution
Kootenay Web Inc whois 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/1883/info whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois release v.1.9, a web interface to...