EdgeSwitch Command Injection Vulnerability

EdgeSwitch is a poe Gigabit switch from Ubiquiti Networks Ubiquiti Express and is part of the EdgeMAX series. A command injection vulnerability exists in EdgeSwitch versions prior to 1.9.1. The vulnerability stems from a guessable SIDSSL cookie in the administrator web interface of an older versi...

Command injection

A vulnerability exists in The EdgeMax EdgeSwitch firmware v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection...

Cisco IOS XE SD-WAN Software Authentication Bypass (cisco-sa-auth-b-NzwhJHH7)

According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by a authentication bypass vulnerability. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An unauthenticated, physical attacker can exploit this...

Exploit for Improper Input Validation in Google Android

CVE-2020-0041 This repository contains LPE code for exploitin...

CVE-2020-5763

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt...

CVE-2020-5763

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt...

CVE-2020-5763

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt...

CVE-2020-12880

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

CVE-2020-12880

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

Hardcoded credentials

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

NETGEAR R6700v3 Password Reset / Remote Code Execution Exploit

This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon /usr/sbin/upnpd, running on NETGEAR R6700v3 router with firmware versions V1.0.4.8210.0.57...

CVE-2020-3236

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

Path traversal

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

CVE-2020-3236 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

CVE-2020-3236

CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...

Cisc IOS XE SD-WAN Software License Issue Vulnerability

Cisco IOS and IOS XE are both products of Cisco. the CLI is one of the command-line interfaces. the SD-WAN Software is one of the software-defined WAN software packages. An authorization issue vulnerability exists in Cisco IOS XE SD-WAN Software versions 16.9.1 through 16.10.1, which stems from a...

CVE-2020-3216

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

CVE-2020-3216

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

CVE-2020-3205

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an unauthenticated, adjacent attacker to execute arbitrary shell comman...