969 matches found
CVE-2017-3819
A privilege escalation vulnerability in the Secure Shell SSH subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...
Privilege escalation
A privilege escalation vulnerability in the Secure Shell SSH subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...
CVE-2017-3819
A privilege escalation vulnerability in the Secure Shell SSH subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...
CVE-2017-3819
A privilege escalation vulnerability in the Secure Shell SSH subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The...
Privilege escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...
CVE-2017-6516
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...
DBLTek GoIP 'dbladm' User Unauthorized Access Vulnerability
DBL Technology is a communication equipment manufacturer located in Shenzhen, China. Its main products include GSM voice gateway, IP telephony gateway, enterprise softswitch, etc., which are mostly used by telephony companies and VoIP service providers. An unauthorized access vulnerability exists...
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell...
pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell Access Google dork: Tested on: FreeBSD pfSense firewall/router...
VirtualBox Privilege Escalation
Privilege Escalation in VirtualBox CVE-2017-3316 == Overview === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === Detailed description === In my...
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation
== Overview === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === Detailed description === In my research about update mechanism of open-source...
Telstra 4Gx Portable Router Persistent Root Shell Vulnerability
Exploit for hardware platform in category web applications Majority of this info was found from the 4dpa.ru forum but works well on Telstra Mobile routers. Telstra has been contacted and do not see it as a security issue so have fun messing with your 4g routers, not much of a security issue but i...
Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities are nearly identical, and exploitation can be done exactly the...
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities a...
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled config option UsePrivilegeSeparation=no. While privilege separation is enabled by default, it is documented as a hardening option, and therefore disabling it shoul...
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation
!/usr/bin/sh CVE-2016-8972/bellmailroot.sh: IBM AIX Bellmail local root Affected versions: AIX 6.1, 7.1, 7.2 VIOS 2.2.x Fileset Lower Level Upper Level KEY --------------------------------------------------------- bos.net.tcp.client 6.1.9.0 6.1.9.200 keywfs bos.net.tcp.client 7.1.3.0 7.1.3.47...
Vesta Control Panel 0.9.8-16 Local Privilege Escalation
!/bin/bash Exploit Title: Vesta Control Panel 0.9.7 suid.c PWN Make PWN shell scrip...
Arbitrary Code Execution Vulnerability in MOMOCMS
MoMoCMS is an enterprise building system developed by php+MySQL. An arbitrary code execution vulnerability exists in version 5.6.1 of the MoMoCMS enterprise website builder system. It allows attackers to exploit the vulnerability to execute task code and write shell.php file in the web root...
Debian DLA-713-1 : sniffit security update
It was discovered that there was a buffer overflow in the packet sniffer and monitoring tool 'sniffit' which allowed a specially crafted configuration file to provide a root shell. For Debian 7 'Wheezy', this issue has been fixed in sniffit version 0.3.7.beta-16.1+deb7u1. We recommend that you...
DLA-713-1 sniffit - security update
Bulletin has no description...