969 matches found

Cvelist
added 2018/10/05 2:0 p.m. | 16 views

CVE-2018-15371 Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient...

6.7 AI score | 0.00048 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2018/10/05 2:0 p.m. | 9 views

CVE-2018-15368 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

7.7 AI score | 0.00112 EPSS
Exploits: 0 | References: 1
CVE
added 2018/10/05 2:0 p.m. | 104 views

CVE-2018-15371

CVE-2018-15371 affects Cisco IOS XE Software, specifically the shell access request mechanism. The issue is an authentication bypass that could let an authenticated, local attacker request access to the root shell and gain unrestricted root access due to insufficient authentication for certain co...

7.2 CVSS | 6.7 AI score | 0.00048 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ThreatPost
added 2018/10/01 6:55 p.m. | 31 views

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

Lenovo is warning of nine vulnerabilities rated “high” and impacting 20 separate network attached storage NAS devices sold by the company, including its LenovoEMC, Iomega and its Lenovo-branded NAS devices. By exploiting one of several command-injection vulnerabilities in the devices’ operating...

9.3 CVSS | 7.4 AI score | 0.2551 EPSS
Exploits: 0 | References: 13
Cisco
added 2018/09/26 4:0 p.m. | 73 views

Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient...

6.7 CVSS | 2.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 1
Exploit DB
added 2018/07/30 12:0 a.m. | 38 views

Charles Proxy 4.2 - Local Privilege Escalation

Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/07/30 12:0 a.m. | 40 views

Charles Proxy 4.2 Local Root Privilege Escalation

Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...

0.8 AI score | 0.00288 EPSS
Exploits: 3
0day.today
added 2018/07/17 12:0 a.m. | 48 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Vulnerability

Exploit for hardware platform in category local exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 buil...

0.1 AI score
Exploits: 0
Zero Science Lab
added 2018/07/17 12:0 a.m. | 652 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

8.8 CVSS | 5.9 AI score | 0.00161 EPSS
Exploits: 2
Exploit DB
added 2018/07/17 12:0 a.m. | 87 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 Re...

7 AI score
Exploits: 0
0day.today
added 2018/06/13 12:0 a.m. | 197 views

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

4.3 CVSS | 6.3 AI score | 0.41417 EPSS
Exploits: 17
NVD
added 2018/05/31 12:29 p.m. | 15 views

CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

7.8 CVSS | 7.5 AI score | 0.00053 EPSS
Exploits: 1 | References: 3
Prion
added 2018/05/31 12:29 p.m. | 7 views

Design/Logic Flaw

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

7.2 CVSS | 7.5 AI score | 0.00053 EPSS
Exploits: 1 | References: 3
Cvelist
added 2018/05/31 12:0 p.m. | 12 views

CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

7.6 AI score | 0.00053 EPSS
Exploits: 1 | References: 3
Metasploit
added 2018/05/26 9:25 p.m. | 177 views

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

7.8 CVSS | 8.6 AI score | 0.41417 EPSS
Exploits: 9
CNVD
added 2018/05/15 12:0 a.m. | 1 views

Moxa EDR-810 Command Injection Vulnerability (CNVD-2018-11722)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A command injection vulnerability exists in the web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to gai...

9 CVSS | 8.3 AI score | 0.02645 EPSS
Exploits: 4 | References: 1
CNVD
added 2018/05/15 12:0 a.m. | 1 views

Moxa EDR-810 Command Injection Vulnerability (CNVD-2018-11733)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A command injection vulnerability exists in the Web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to...

9 CVSS | 8.1 AI score | 0.02645 EPSS
Exploits: 2 | References: 1
CNVD
added 2018/05/15 12:0 a.m. | 2 views

Moxa EDR-810 Command Injection Vulnerability (CNVD-2018-11723)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A command injection vulnerability exists in the Web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to...

9 CVSS | 8.1 AI score | 0.02645 EPSS
Exploits: 2 | References: 1
OSV
added 2018/05/14 8:29 p.m. | 1 views

CVE-2017-14432

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

8.8 CVSS | 5.9 AI score
Exploits: 0 | References: 1
Prion
added 2018/05/14 8:29 p.m. | 10 views

Command injection

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

9 CVSS | 9 AI score | 0.02645 EPSS
Exploits: 2 | References: 1 | Affected Software: 1