1614 matches found
SQLite report about CVE-2021-31239
This is a bug in the CLI. It allows a user with unrestricted shell access to cause a denial-of-service. Of course, there are a million easier ways for a user with unrestricted shell access to cause far worse mischief. The problem was in the appendvfs extension which is not a part of standard...
Victor CMS 1.0 Shell Upload
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
Ghost Framework - An Android Post-Exploitation Framework That Exploits The Android Debug Bridge To R emotely Access An Android Device
About Ghost Framework Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation To install...
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
Design/Logic Flaw
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
CVE-2020-29669
This CVE refers to Macally WIFISD2-2A82 (firmware 2.000.010). A vulnerability lets the Guest user reset its own password, enabling takeover of the administrator account and resulting in shell access. The admin user may read /etc/shadow, allowing password hashes (including root) to be dumped; the ...
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
Macally WIFISD2-2A82 Media and Travel Router Authorization Issues Vulnerability
The Macally WIFISD2-2A82 Media and Travel Router is a convenient multi-function router from Macally USA. Macally WIFISD2-2A82 Media and Travel Router 2.000.010 suffers from an authorization issue vulnerability that stems from a guest user being able to reset their own password. This process has a...
Exploit for Improper Authentication in Macally Wifisd2-2A82_Firmware
PoC exploit for CVE-2020-29669, an arbitrary file upload vulnera...
My-PWN-Life
This repository is an exploit for a buffer overflow vulnerability in a binary called "bof". The exploit is written in Python and uses the pwntools library to interact with the binary. The binary is a simple program that takes user input and stores it in a buffer. The buffer is not properly...
Cisco IOS XE Consent Token Bypass Vulnerability (CNVD-2020-57581)
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A consent token bypass vulnerability exists in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE. The vulnerability stems from insufficient enforcement of consent tokens ...
CVE-2020-3404
A vulnerability in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS with root privileges. The vulnerability is due to insufficient...
Design/Logic Flaw
A vulnerability in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS with root privileges. The vulnerability is due to insufficient...
CVE-2020-3404 Cisco IOS XE Software Consent Token Bypass Vulnerability
A vulnerability in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS with root privileges. The vulnerability is due to insufficient...
CVE-2020-3404
Cisco IOS XE Software is affected by a consent token bypass in the persistent Telnet/SSH CLI, allowing an authenticated, local attacker to gain root shell access and execute OS commands. The root cause is insufficient enforcement of consent tokens when authorizing shell access. Affected details i...
CVE-2020-3404 Cisco IOS XE Software Consent Token Bypass Vulnerability
A vulnerability in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS with root privileges. The vulnerability is due to insufficient...
Cisco IOS XE Software Consent Token Bypass Vulnerability
A vulnerability in the persistent Telnet/Secure Shell SSH CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS with root privileges. The vulnerability is due to insufficient...
CVE-2020-16148
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-16147
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...