Cisco Firepower Threat Defense Software Shell Access (cisco-sa-ftd-shell-9rhJF68K)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a shell access vulnerability in the support tunnel feature due to improper configuration of that feature. An authenticated, local attacker can exploit this, by enabling the support tunnel, setting a key...

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

Input validation

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature...

CVE-2020-3253 Cisco Firepower Threat Defense Software Shell Access Vulnerability

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature...

CVE-2020-3253

Cisco Firepower Threat Defense (FTD) Software contains a shell access vulnerability in the support tunnel feature. An authenticated, local attacker can enable the support tunnel, set a key, and derive the tunnel password to execute arbitrary commands with root privileges, even when expert mode is...

CVE-2020-3253 Cisco Firepower Threat Defense Software Shell Access Vulnerability

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature...

CVE-2020-12142

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

CVE-2020-12142 IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

PT-2020-13061 · Riverbed · Edgeconnect Appliance

Name of the Vulnerable Software and Affected Versions: EdgeConnect appliance affected versions not specified Description: The issue allows an admin user with shell access to retrieve IPSec UDP key material from both machine-to-machine interfaces and human-accessible interfaces. This material can...

Exploit for CVE-2020-11651

SaltStack-Exp CVE-2020-11651&&CVE-2020-11652 EXP...

Code Execution Vulnerability in OurPHP Aopia Website Building System of Harbin Weicheng Technology Co.

OurPHP AoP website builder is a multi-language website, multi-city website, all-in-one cross-platform website builder. Harbin Weicheng Technology Co., Ltd OurPHP OurPHP website builder system has a code execution vulnerability, which can be exploited by an attacker to write arbitrary PHP code,...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Remote Code Execution POC c 2020 ZecOps, Inc...

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...

Juniper Networks Junos Elevation of Privilege Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in the Juniper Networks Junos OS configured with a dual Routing Engine RE, Virtual Chassis...

CVE-2020-1623

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1...

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...

File upload vulnerability in the website building system of Anhui Fishing Blue Education Software Technology Co.

Anhui Fishing Blue Education Software Technology Co., Ltd. is a science and technology enterprise specializing in secondary vocational education technology research and education informatization software research and development, and is one of the first batch of listed enterprises in Anhui Provin...

Command Execution Vulnerability in Daimi CMS Backend

DAMI CMS is a free open source, fast, simple PC building and mobile building integrated all-in-one system. A command execution vulnerability exists in the backend of Daimi CMS, which can be exploited by an attacker to back up the database and cause a getshell...

File Upload Vulnerability in the Backend of UWA Universal Building System

UWA is a general-purpose website builder based on PHP and MySQL. UWA general-purpose site-building system background file upload vulnerability , the vulnerability is due to the UWA background allows customized php template files , and in the saving of the content of the PHP file does not do the...