1614 matches found

Positive Technologies
added 2024/01/17 12:0 a.m. · 2 views

PT-2024-13032 · Pax · Pax Android

Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices versions prior to PayDroid 8.1.0 Sagittarius V11.1.61 20240226 Description: The issue allows for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account...

6.7 CVSS · 7.8 AI score · 0.00022 EPSS
Exploits 0 · References 14
NVD
added 2024/01/15 2:15 p.m. · 19 views

CVE-2023-42136

PAX Android based POS devices with PayDroid 8.1.0 Sagittarius V11.1.50 20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...

7.8 CVSS · 7.9 AI score · 0.00201 EPSS
Exploits 1 · References 4
OSV
added 2024/01/15 2:15 p.m. · 1 view

CVE-2023-42137

PAX Android based POS devices with PayDroid 8.1.0 Sagittarius V11.1.50 20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 5.9 AI score · 0.00394 EPSS
Exploits 2 · References 4
NVD
added 2024/01/15 2:15 p.m. · 8 views

CVE-2023-42137

PAX Android based POS devices with PayDroid 8.1.0 Sagittarius V11.1.50 20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 7.8 AI score · 0.00394 EPSS
Exploits 1 · References 4
Prion
added 2024/01/15 2:15 p.m. · 20 views

Design/Logic Flaw

PAX Android based POS devices with PayDroid 8.1.0 Sagittarius V11.1.50 20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...

4.3 CVSS · 7.5 AI score · 0.00394 EPSS
Exploits 2 · References 4 · Affected Software 1
Cvelist
added 2024/01/15 1:28 p.m. · 16 views

CVE-2023-42137

PAX Android based POS devices with PayDroid 8.1.0 Sagittarius V11.1.50 20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 7.9 AI score · 0.00394 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/01/15 12:0 a.m. · 2 views

PT-2024-1563 · Pax · Paydroid

Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier Description: The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary...

7.8 CVSS · 7.7 AI score · 0.0032 EPSS
Exploits 2 · References 13
Positive Technologies
added 2024/01/15 12:0 a.m. · 2 views

PT-2024-1566 · Pax · Paydroid

Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier Description: The issue is due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary...

7.8 CVSS · 7.4 AI score · 0.00394 EPSS
Exploits 2 · References 13
Vulnrichment
added 2024/01/11 12:0 a.m. · 1 view

CVE-2023-51984

D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell...

10 AI score · 0.14083 EPSS
Exploits 1 · References 1
CNNVD
added 2023/12/04 12:0 a.m. · 3 views

ThinkAdmin Security Vulnerability

ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53. An attacker can exploit this vulnerability to download malicious PHP files by providing a specially crafted URL to obtain a shell...

8.8 CVSS · 6.8 AI score · 0.00239 EPSS
Exploits 1 · References 1
GithubExploit
added 2023/11/28 3:33 a.m. · 180 views

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

CVE-2023-22518 Exploit for Confluence CVE-2023-22518 backup-...

10 CVSS · 10 AI score · 0.94375 EPSS
Exploits 48
Packet Storm
added 2023/11/14 12:0 a.m. · 590 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...

10 CVSS · 7.3 AI score · 0.94426 EPSS
Exploits 59
CNNVD
added 2023/11/14 12:0 a.m. · 2 views

Siemens SCALANCE Injection Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

9.4 CVSS · 7.1 AI score · 0.00533 EPSS
Exploits 0 · References 8
OSV
added 2023/11/10 6:15 p.m. · 2 views

PYSEC-2023-241

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1 CVSS · 6 AI score · 0.00228 EPSS
Exploits 1 · References 3
NVD
added 2023/11/08 6:15 p.m. · 17 views

CVE-2023-3282

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine...

6.7 CVSS · 0.00026 EPSS
Exploits 0 · References 1
OSV
added 2023/11/08 6:15 p.m. · 4 views

CVE-2023-3282

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine...

6.7 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/11/08 5:22 p.m. · 27 views

CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine...

6.4 CVSS · 7.5 AI score · 0.00026 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/10/27 12:0 a.m. · 2 views

PT-2023-9826

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.1 Description: The issue is related to errors in handling symbolic links in the Gogs self-hosted Git service. A malicious user can commit and edit a crafted symlink file to a repository, allowing them to gain SSH...

9.9 CVSS · 7.9 AI score · 0.75675 EPSS
Exploits 5 · References 74
BDU FSTEC
added 2023/10/13 12:0 a.m. · 1 view

A vulnerability in the firmware of Siemens SICAM CP-8031 and CP-8050 control modules allows a hacker to gain full control over the device.

The vulnerability in the firmware of Siemens SICAM CP-8031 and CP-8050 control modules is related to the presence of a hard-coded “authorizedkeys” identifier in the SSH configuration file. Exploiting this vulnerability allows a malicious actor to gain full control over the...

10 CVSS · 0.00063 EPSS
Exploits 0 · References 2
CNNVD
added 2023/10/12 12:0 a.m. · 2 views

BeyondTrust Privileged Remote Access Authorization Issues Vulnerability

BeyondTrust Privileged Remote Access (BeyondTrust PRA) is a privileged remote access software from BeyondTrust Corporation. A security vulnerability exists in BeyondTrust Privileged Remote Access (PRA) versions 22.2.x, 22.3.x, and 22.4.x series, which stems from the presence of a local authenticati...

7.8 CVSS · 6.8 AI score · 0.00008 EPSS
Exploits 1 · References 2