
969 matches found

Cvelist
added 2018/05/14 8:0 p.m. · 12 views

CVE-2017-14432

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

CVSS 8.8 · AI score 9.1 · EPSS 0.02645
Exploits 2 · References 1
Cvelist
added 2018/05/14 8:0 p.m. · 15 views

CVE-2017-12121

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...

CVSS 8.8 · AI score 9.1 · EPSS 0.02645
Exploits 2 · References 1
Positive Technologies
added 2018/05/14 12:0 a.m. · 4 views

PT-2018-5635 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by injecting OS commands into the remoteNetmask0...

CVSS 9 · AI score 9 · EPSS 0.02645
Exploits 2 · References 2
Positive Technologies
added 2018/05/14 12:0 a.m. · 4 views

PT-2018-5634 · Moxa · Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation resulting in a root shell. An attacker can inject OS...

CVSS 9 · AI score 9.2 · EPSS 0.02645
Exploits 2 · References 2
Positive Technologies
added 2018/05/14 12:0 a.m. · 3 views

PT-2018-5362 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation resulting in a root shell. An attacker can inject OS...

CVSS 9 · AI score 9.1 · EPSS 0.02645
Exploits 2 · References 3
seebug.org
added 2018/05/08 12:0 a.m. · 40 views

Pwning CCTV cameras

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR. DVRs take video feeds from multiple...

AI score 8.5
Exploits 0
Prion
added 2018/04/30 5:29 p.m. · 8 views

Design/Logic Flaw

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...

CVSS 7.2 · AI score 7.3 · EPSS 0.00039
Exploits 0 · References 1 · Affected Software 1
NVD
added 2018/04/30 5:29 p.m. · 5 views

CVE-2018-9310

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...

CVSS 7.8 · AI score 7.4 · EPSS 0.00039
Exploits 0 · References 1
OSV
added 2018/04/30 5:29 p.m. · 1 views

CVE-2018-9310

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...

CVSS 7.8 · AI score 5.8 · EPSS 0.00039
Exploits 0 · References 1
Cvelist
added 2018/04/30 5:0 p.m. · 11 views

CVE-2018-9310

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...

AI score 7.4 · EPSS 0.00039
Exploits 0 · References 1
CVE
added 2018/04/30 5:0 p.m. · 32 views

CVE-2018-9310

MagniComp SysInfo (before version 10-H82) on Linux/UNIX, when installed setuid root by default, is vulnerable. A local user can execute SysInfo to obtain a root shell, enabling local compromise of the host. The connected documents do not disclose patch/version-specific fixes or mitigation steps. ...

CVSS 7.8 · AI score 7.3 · EPSS 0.00039
Exploits 0 · References 1 · Affected Software 1
GithubExploit
added 2018/04/26 4:33 a.m. · 14 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux_Kernel

Vulnerability Description Ubuntu is an open-source GNU/Linux o...

CVSS 7.8 · AI score 6.8 · EPSS 0.84048
Exploits 16
seebug.org
added 2018/04/16 12:0 a.m. · 35 views

Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability (CVE-2017-12125)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...

AI score 0.6 · EPSS 0.02645
Exploits 2
seebug.org
added 2018/04/16 12:0 a.m. · 35 views

Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability (CVE-2017-12121)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...

CVSS 9 · AI score 1 · EPSS 0.02645
Exploits 2
seebug.org
added 2018/04/16 12:0 a.m. · 47 views

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities (CVE-2017-14432 - CVE-2017-14434)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...

CVSS 9 · AI score 0.5 · EPSS 0.02645
Exploits 4
CNVD
added 2018/04/13 12:0 a.m. · 2 views

Moxa EDR-810 Command Injection Vulnerability

The Moxa EDR-810 is an industrial security router with firewall/NAT/VPN and managed Layer 2 switch functionality. It is designed for Ethernet-based security applications in remote control or monitoring networks. A command injection vulnerability exists in the web server functionality of the Moxa...

CVSS 9 · AI score 7.9 · EPSS 0.02645
Exploits 2 · References 1
Talos
added 2018/04/13 12:0 a.m. · 42 views

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...

CVSS 9 · AI score 8.9 · EPSS 0.02645
Exploits 4
Talos
added 2018/04/13 12:0 a.m. · 24 views

Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...

CVSS 9 · AI score 9.1 · EPSS 0.02645
Exploits 2
Talos
added 2018/04/13 12:0 a.m. · 54 views

Moxa EDR-810 Web Server ping Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

CVSS 9 · AI score 8.8 · EPSS 0.02645
Exploits 4
CNVD
added 2018/04/03 12:0 a.m. · 2 views

Cisco IOS XE Software CLI Parser Local Elevation of Privilege Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. The CLI parser is one of its command-line parsers. A local elevation of privilege vulnerability exists in the Cisco IOS XE Software CLI parser because the program fails to properly filter command parameter...

CVSS 7.2 · AI score 7.9 · EPSS 0.00062
Exploits 0 · References 1