1614 matches found

0day.today
added 2023/02/15 12:0 a.m. · 349 views

Arris Router Firmware 9.1.103 Remote Code Execution Exploit

Arris Router Firmware version 9.1.103 authenticated remote code execution exploit that has been tested against the TG2482A, TG2492, and SBG10 models. Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage:...

8.8 CVSS · 9.2 AI score · 0.35297 EPSS
Exploits 6
NVD
added 2023/02/08 7:15 p.m. · 10 views

CVE-2023-25152

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.8 CVSS · 8.9 AI score · 0.00809 EPSS
Exploits 0 · References 2
OSV
added 2023/02/08 6:52 p.m. · 21 views

CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.4 CVSS · 8.6 AI score · 0.00809 EPSS
Exploits 0 · References 4
OSV
added 2023/02/01 2:15 a.m. · 2 views

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2022/12/22 12:0 a.m. · 2 views

PT-2022-6375 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to a command injection vulnerability. An authenticated user with access to the local shell and the privilege to gather logs from the cluster could potentiall...

6.8 CVSS · 7.2 AI score · 0.00251 EPSS
Exploits 0 · References 5
OSV
added 2022/12/16 10:15 p.m. · 3 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits 0 · References 3
NVD
added 2022/12/16 10:15 p.m. · 13 views

CVE-2022-26582

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 0.00729 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/12/16 10:15 p.m. · 2 views

CVE-2022-26582

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 5.9 AI score · 0.00729 EPSS
Exploits 0 · References 4
OSV
added 2022/12/16 10:15 p.m. · 3 views

CVE-2022-26582

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

7.8 CVSS · 5.8 AI score · 0.00729 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/12/16 10:15 p.m. · 1 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 4
NVD
added 2022/12/16 10:15 p.m. · 10 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6 CVSS · 0.00031 EPSS
Exploits 0 · References 3
Prion
added 2022/12/16 10:15 p.m. · 13 views

Design/Logic Flaw

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

2.9 CVSS · 6 AI score · 0.00031 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/12/16 10:15 p.m. · 13 views

Command injection

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

4.3 CVSS · 8 AI score · 0.00729 EPSS
Exploits 0 · References 2 · Affected Software 1
F5 Networks
added 2022/12/16 12:2 a.m. · 80 views

K16863: Apache vulnerability CVE-2013-5704

Security Advisory Description: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in...

5 CVSS · 6.3 AI score · 0.65044 EPSS
Exploits 2 · Affected Software 19
Cvelist
added 2022/12/16 12:0 a.m. · 15 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6.2 AI score · 0.00031 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/12/16 12:0 a.m. · 13 views

CVE-2022-26582

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

7.6 AI score · 0.00729 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2022/12/10 12:0 a.m. · 42 views

Amazon Linux AMI : git (ALAS-2022-1653)

The version of git installed on the remote host is prior to 2.38.1-1.77. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1653 advisory. Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5,...

8.8 CVSS · 8 AI score · 0.02579 EPSS
Exploits 1 · References 5
Positive Technologies
added 2022/12/06 12:0 a.m. · 4 views

PT-2022-27168 · Thinkphp · Thinkphp

Name of the Vulnerable Software and Affected Versions: Thinkphp versions 5.0.24 through 5.1.41 Description: The issue is caused by a code logic error that leads to a file upload getting shell access. This allows an attacker to potentially execute arbitrary code on the server. Recommendations: For...

8.8 CVSS · 8.1 AI score · 0.00353 EPSS
Exploits 1 · References 10
Vulnrichment
added 2022/11/29 12:0 a.m. · 5 views

CVE-2022-3086 Cradlepoint IBR600 Command Injection

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code...

7.1 CVSS · 7.9 AI score · 0.00122 EPSS
Exploits 0 · References 1
CNNVD
added 2022/11/17 12:0 a.m. · 2 views

Cradlepoint IBR600 Command Injection Vulnerability

The Cradlepoint IBR600 is a router from Cradlepoint USA. The Cradlepoint IBR600 suffers from a command injection vulnerability that stems from poor shell escaping. An attacker can exploit this vulnerability to gain unrestricted shell access...

7.6 CVSS · 7.5 AI score · 0.00122 EPSS
Exploits 0 · References 5