Lucene search

1614 matches found

CVE
added 2021/06/03 10:30 a.m. | 47 views

CVE-2021-24023

FortiAI (Fortinet) systems running v1.4.0 and earlier are affected by an improper input validation in the diagnose command, which may allow an authenticated user to obtain a system shell through a malicious payload. The vulnerability stems from input validation flaws and is listed with high sever...

CVSS 9 | AI score 8.6 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2021/06/03 10:30 a.m. | 10 views

CVE-2021-24023

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

CVSS 7.8 | AI score 7.2 | EPSS 0.00229
Exploits: 0 | References: 1
NVD
added 2021/05/26 8:15 p.m. | 19 views

CVE-2021-22733

Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder...

CVSS 7.8 | EPSS 0.00118
Exploits: 0 | References: 1
Cvelist
added 2021/05/26 7:19 p.m. | 13 views

CVE-2021-22733

Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder...

AI score 7.9 | EPSS 0.00118
Exploits: 0 | References: 1
Prion
added 2021/05/13 3:15 p.m. | 19 views

Unrestricted file upload

A file upload issue exists in all versions of ArticleCMS which allows malicious users to get a shell...

CVSS 7.5 | AI score 9.2 | EPSS 0.00433
Exploits: 1 | References: 1
CNNVD
added 2021/05/13 12:0 a.m. | 2 views

ArticleCMS code issue vulnerability

ArticleCMS is an application system, a multifaceted information website built on Bootstrap and ThinkPHP. ArticleCMS has a file upload vulnerability: because there is no restriction on uploading files, an attacker can obtain a shell by uploading a file...

CVSS 9.8 | AI score 5.5 | EPSS 0.00433
Exploits: 1 | References: 2
Positive Technologies
added 2021/05/06 12:0 a.m. | 3 views

PT-2021-17778 · Hongdian · Hongdian H8922

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5 Description: The issue concerns an undocumented feature in the affected device, allowing unauthorized access to a shell with superuser privileges. This access is facilitated through the telnet service on port 5188...

CVSS 9.8 | AI score 9.4 | EPSS 0.37467
Exploits: 1 | References: 3
CNNVD
added 2021/05/06 12:0 a.m. | 4 views

Hongdian H8922 authorization issue vulnerability

The Hongdian H8922 is a router from China's Hongdian Corporation. An authorization issue vulnerability exists in Hongdian H8922 3.0.5 devices that allows superuser access to the shell...

CVSS 9.8 | AI score 8.3 | EPSS 0.37467
Exploits: 1 | References: 2
Fortinet
added 2021/05/05 12:0 a.m. | 20 views

FortiNDR - OS command injection due to improper input sanitization

An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

CVSS 9 | AI score 8.4 | EPSS 0.00229
Exploits: 0 | Affected Software: 1
OSV
added 2021/04/22 8:15 p.m. | 1 views

CVE-2021-0255

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root use...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 1
Prion
added 2021/04/22 8:15 p.m. | 14 views

Information disclosure

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permission...

CVSS 2.1 | AI score 5 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2021/04/12 12:0 a.m. | 3040 views

vsftpd 2.3.4 Backdoor Command Execution

Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution Date: 9-04-2021 Exploit Author: HerculesRD Software Link: http://www.linuxfromscratch.org/thomasp/blfs-book-xsl/server/vsftpd.html Version: vsftpd 2.3.4 Tested on: debian CVE : CVE-2011-2523 !/usr/bin/python3 from telnetlib import Telnet...

CVSS 10 | AI score 0.2 | EPSS 0.94282
Exploits: 26
CNNVD
added 2021/04/02 12:0 a.m. | 2 views

Cohesity DataPlatform trust management issue vulnerability

Cohesity DataPlatform is a suite of platforms from Cohesity for managing ancillary data and applications. The platform is primarily used for data backup, instant recovery, and more. A security vulnerability exists in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 throu...

CVSS 9.8 | AI score 8.2 | EPSS 0.00841
Exploits: 0 | References: 2
Rapid7 Blog
added 2021/03/19 5:42 p.m. | 95 views

Metasploit Wrap-Up

Windows Server 2012 Fun: Community contributor Erik Wynter added a local exploit module for a DLL hijacking vulnerability he discovered in Windows Server 2012. The TiWorker.exe process that runs as NT AUTHORITY\SYSTEM attempts to load SrClient.dll, which does not exist on the system. Because of...

CVSS 10 | AI score 9.4 | EPSS 0.92052
Exploits: 10
0day.today
added 2021/03/19 12:0 a.m. | 43 views

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

AI score 7.4
Exploits: 0
Packet Storm
added 2021/03/19 12:0 a.m. | 206 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-Coded Credentials / Shell Access

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

AI score 7.4
Exploits: 0
Gitee
added 2021/02/24 11:10 a.m. | 5 views

Exploit for CVE-2019-11580

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE Usage: python CVE-2019-11580.py http://xx.xx.xx.xx/ Crowd-2.11.0 VulnVersion Download https://product-downloads.atlassian.com/software/crowd/downloads/atlassian-crowd-2.11.0.tar.gz Powered by Atlassian Crowd Version: 2.11.0 Build:725 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.94383
Exploits: 6
0day.today
added 2021/02/18 12:0 a.m. | 48 views

Apport 2.20 - Local Privilege Escalation Exploit

Exploit Title: Apport 2.20 - Local Privilege Escalation Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Apport: Ubuntu 16.04...

AI score 7.4
Exploits: 0
OSV
added 2021/02/17 3:15 p.m. | 1 views

CVE-2021-25780

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell...

CVSS 7.2 | AI score 7.2
Exploits: 0 | References: 1
The Hacker News
added 2021/02/03 10:43 a.m. | 1 views

A New Linux Malware Targeting High-Performance Computing Clusters

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands o...

AI score 6.2
Exploits: 0