CVE-2022-38372

FortiTester CLI contains a hidden functionality vulnerability (CWE-1242) that can allow a local, privileged user to obtain a root shell via an undocumented command. Affected versions are FortiTester CLI 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0. Red Hat and other sources reference the same issue,...

FortiTester - Undocumented shell command

A hidden functionality vulnerability CWE-1242 in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

Zimbra sudo + postfix privilege escalation

This module exploits a vulnerable sudo configuration that permits the zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. Module Options msf use exploit/linux/local/zimbrapostfixprivesc msf exploitzimbrapostfixprive...

Zimbra Privilege Escalation Exploit

This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...

Zimbra Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

CVE-2022-20944 Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...

Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution (cisco-sa-ios-xe-cat-verify-D4NEQA6q)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned...

Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

Input validation

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

CVE-2022-36323

Consolidated disclosure shows CVE-2022-36323 as an input sanitization vulnerability that can let an authenticated admin inject code or spawn a system root shell. The follow-up CVE-2023-44373 (in Siemens SCALANCE/W700 family and related devices) confirms this issue as a cross-contract injection vu...

Siemens SCALANCE 安全漏洞

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...

PT-2022-4149 · Siemens · Scalance W-700 +9

Name of the Vulnerable Software and Affected Versions: SCALANCE M-800 / S615 versions prior to V2.3.1 SCALANCE SC-600 family versions prior to V2.3.1 SCALANCE W-1700 IEEE 802.11ac version not specified SCALANCE W-700 IEEE 802.11ax version not specified SCALANCE W-700 IEEE 802.11n version not...

Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29963)

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. - The...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation expl...

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...