CVE-2019-8313
CVE-2019-8313 affects D-Link DIR-878 devices running firmware 1.12A1. The issue is a Command Injection vulnerability where an attacker can execute arbitrary OS commands via a crafted /HNAP1 POST request. The root cause is input from the request body being passed to the internal twsystem function ...
CVE-2019-8317
CVE-2019-8317 affects D-Link DIR-878 devices running firmware 1.12A1. The issue is a Command Injection via a crafted /HNAP1 POST request, where an HNAP API function invokes system with untrusted input from the request body (SetStaticRouteIPv6Settings) and shell metacharacters appear in the DestNe...
CVE-2019-8315
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2019-8319
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2019-8317
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2019-8316
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2019-8314
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2019-8316
CVE-2019-8316 (D-Link DIR-878) involves a command injection in firmware 1.12A1 where any HNAP API function can trigger execution of system commands via untrusted input in the WebFilterURLs field of SetWebFilterSettings, delivered through a crafted /HNAP1 POST request. The vulnerability allows a r...
AddressSanitizer (ASan) SUID Executable Privilege Escalation
This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration-related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS...
systemd-journald Memory Corruption / Information Leak Vulnerability
This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, the detail given here is useful in understanding the flaws. Qualys Security Advisory System Down: A systemd-journald exploit...
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in code execution as root. By default, the first user created o...
Privilege escalation
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical acce...
Command Execution Vulnerability in China Telecom's Smart Gateway Management Platform
China Telecom Group Corporation is a large state-owned communications enterprise in China, a global partner of Shanghai World Expo, and one of the "World's Top 500 Enterprises" for many years in a row. It mainly operates integrated information services such as fixed-line telephony, mobile...
xorg-x11-server 1.20.1 - Local Privilege Escalation
xorg-x11-server 1.20.1 - Local Privilege Escalation Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp di...
xorg-x11-server < 1.20.1 - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp...
xorg-x11-server < 1.20.1 - Local Privilege Escalation
Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp dir sh-4.2 id && whoami uid=0root gid=0root...
Cradlepoint Router Password Disclosure
Many vulnerabilities exist in the built-in software of the Cradlepoint router. 100,000 such routers can be seen on Shodan: https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities were reported to Cradlepoint in August. A hardcoded password allows you to retrieve sensitive...
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris RSH Stack Clash Privilege Escalation', 'Description' = %q This module exploits a vulnerability in RSH on unpatched Solaris systems which...
Solaris RSH Stack Clash Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit modul...
CVE-2018-15371
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient...