Privilege escalation

A local privilege escalation PE vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges...

CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

A local privilege escalation PE vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges...

Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

A local privilege escalation PE vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. Work around: There are no known workarounds for this issue...

Palo Alto Networks Cortex Xsoar 数据伪造问题漏洞

Palo Alto Networks Cortex Xsoar is a Security Orchestration Automation and Response Soar platform from Palo Alto Networks, USA. Palo Alto Networks Cortex Xsoar suffers from a data forgery issue vulnerability that originates from a local elevation of privilege PE, which allows a local attacker wit...

ORing Net IAP-420+ 安全漏洞

The ORing Net IAP-420+ is a wireless access point from China Power ORing. A security vulnerability exists in the ORing Net IAP-420+ version 2.0m, which stems from a telnet server that is enabled by default and cannot be permanently disabled, which can be used to connect to the device and obtain a...

Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution (cisco-sa-ios-xe-cat-verify-D4NEQA6q)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned...

Security Bulletin: IBM QRadar SIEM can be affected by a command injection vulnerability (CVE-2013-2970)

Abstract A vulnerability has been discovered within the IBM QRadar Security Information and Event Manager SIEM software that allows an authenticated user to execute limited operating system commands on the QRadar device and gain limited remote shell access. Content VULNERABILITY DETAILS:...

CVE-2022-2025

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access...

CVE-2022-2025 Grandstream GSD3710 Stack-based Buffer Overflow

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access...

EUVD-2022-34329

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access...

Grandstream GSD3710 缓冲区错误漏洞

The Grandstream GSD3710 is an HD video access control system from Grandstream. A security vulnerability exists in the Grandstream GSD3710 version 1.0.11.13, which originates from not checking the length of parameters before using the strcopy command, and can be exploited by an attacker to create ...

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

CVE-2022-31791

WatchGuard Firebox and XTM appliances allow a local attacker that has already obtained shell access to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

CVE-2022-31791

WatchGuard Firebox and XTM appliances are affected by CVE-2022-31791, a local privilege escalation that, after an attacker gains shell access, allows execution of code with root privileges. Affected devices run Fireware OS with vulnerable configurations prior to fixed versions: 12.1.4, 12.5.10, a...

CVE-2021-43076

An improper privilege management vulnerability CWE-269 in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

CVE-2021-43076

An improper privilege management vulnerability CWE-269 in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

Privilege escalation

An improper privilege management vulnerability CWE-269 in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

CVE-2021-43076

CVE-2021-43076 concerns an improper privilege management vulnerability (CWE-269) in FortiADC. A remote authenticated attacker with a restricted user profile may modify system files via shell access. Affected FortiADC versions include 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and be...

PT-2022-11771 · Fortinet · Fortiadc

Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.2.1 and below FortiADC versions 6.1.5 and below FortiADC versions 6.0.4 and below FortiADC versions 5.4.5 and below FortiADC versions 5.3.7 and below Description: An improper privilege management issue may allow a remote...

WatchGuard Firebox 安全漏洞

WatchGuard Firebox is a U.S. WatchGuard company that provides a comprehensive range of Internet security services, from traditional IPS and GAV, to website/application control and malicious software prevention. A security vulnerability exists in the WatchGuard Firebox and XTM devices that...