969 matches found
CVE-2022-29963
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...
CVE-2022-29963
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...
CVE-2022-29963
Emerson DeltaV DCS and IO cards (S-series, P-series, CIOC/EIOC) up to 2022-04-29 are affected by CVE-2022-29963 due to hardcoded passwords enabling TELNET access on port 18550, yielding a root shell on vulnerable nodes. Root cause: misuse of passwords with static credentials. Impact is local (L) ...
CVE-2022-27483
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...
CVE-2022-33936
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity...
Code injection
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity...
CVE-2022-33936
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity...
Cloud Mobility for Dell EMC Storage 安全漏洞
Cloud Mobility for Dell EMC Storage is a feature from Dell USA that supports the transfer, storage, and access of volume snapshot copies between compatible local Dell EMC Storage devices and public cloud object storage. A security vulnerability exists in Cloud Mobility for Dell EMC Storage 1.3.0...
Infiray IRAY-A8Z3 1.0.957 Code Execution / Overflow / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version: None CVE number: CVE-2022-31208, CVE-2022-31209,...
Exploit for NULL Pointer Dereference in Linux Linux_Kernel
CVE-2022-23222 Chinese writeup: https://tr3e.ee/posts/cve-202...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Root shell PoC for CVE-2021-3156 no brutef...
D-Link DIR-816 A2 Buffer Overflow Vulnerability (CNVD-2022-42153)
The D-Link DIR-816 A2 is a wireless router from D-Link, Taiwan, China.A buffer overflow vulnerability exists in the D-Link DIR-816 A2, which stems from a boundary error in the addurlfilter parameter in /goform/websURLFilter when handling untrusted input, which could be exploited by an attacker to...
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
This module exploits a stack buffer overflow in the Cisco RV series routers SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier...
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploit Authentication Agent ====...
CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...
CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...
CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...
Stack overflow
There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...
CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...