Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access (cisco-sa-20180328-privesc3)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to improperly sanitizing command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with privileged EXEC mode privilege level 15...
welpwn
This is an exploit module for a vulnerability in a binary, targeting a heap-based overflow in a baby heap implementation. The exploit is designed to execute a shell on the vulnerable system. The exploit uses a combination of alloc, show, and delete functions to manipulate the heap and create a...
Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access An Android Device
Ghost Framework is an Android post exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation cd ghost chmod +x install.sh ./install....
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
Improper access control
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
The CVE-2019-5162 issue affects Moxa AWK-3131A firmware v1.13 (iw_webs account settings). A crafted username can overwrite an existing user password, allowing remote shell access as that user when authenticated as a low-privilege user. Talos reports this as an exploitable improper access control ...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary: An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
CVE-2020-5855
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user...
Information disclosure
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user...
CVE-2019-19834
Directory Traversal in ruckuscli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable-debug-script-exec with ../../../bin/sh as the parameter...
CVE-2014-6448
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access...
Code injection
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access...
CVE-2014-6448
CVE-2014-6448 affects Juniper Networks Junos OS: versions 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3. The vulnerability allows local users to bypass restrictions and execute arbitrary Python code through vectors involving shell access. The cited sources describe a local privileg...
Ltd. CmsEasy station building system file contains vulnerabilities
"Through the enterprise website system" (alias CmsEasy) is a free domestic enterprise marketing management platform that combines WeChat, mobile, micro-site, SMS, online sales and multi-language websites. Siping City, Jiuzhou Yi Tong Technology Co., Ltd CmsEasy...
CVE-2015-4553
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to get a shell...
vsftpd OS Command Injection Vulnerability
vsftpd is an FTP (File Transfer Protocol) server for Unix-like systems. An operating system command injection vulnerability exists in vsftpd version 2.3.4 downloaded between June 30, 2011 and July 3, 2011, which originates from a backdoor in the software that can be used to open a shell, which can ...