1821 matches found
UBUNTU-CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
Privilege Escalation
github.com/fluxcd/kustomize-controller is vulnerable to privilege escalation. Users with privilege to create Kubernetes Secrets, Service Accounts and Flux Kustomization objects is allowed to use kustomize-controller to execute shell commands on the container OS via embedding a shell script in a...
BusyBox 代码问题漏洞
BusyBox is a suite of applications containing several linux commands and tools from the Ukrainian personal developer Denis Vlasenko. A code issue vulnerability exists in the Busybox hush applet, which stems from the fact that dereferencing the NULL pointer in Busybox's hush applet will result in ...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
LPAR2RRD 操作系统命令注入漏洞
Xorux LPAR2RRD is a server monitoring tool from the Czech company Xorux. A security vulnerability in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD versions prior to 7.30 can be exploited by an attacker to execute arbitrary shell commands while a user is running a service...
Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor
A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get's established over the tor network. Disclaimer Use for educational purposes only. How to use 1. Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.git cd ./tor-rootkit 2. Build...
Sophos UTM WebAdmin SID Command Injection
This module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. Module Options msf use exploit/linux/http/sophosutmwebadminsidcmdinjection msf exploitsophosutmwebadminsidcmdinjection show targets ...targets... msf...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ImageMagick Vulnerability (NS-SA-2021-0100)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...
Sophos UTM WebAdmin SID Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sophos UTM WebAdmin SID Command Injection', 'Description' = %q This module exploits an SID-based command injection in Sophos UTM's WebAdmin...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Vulnerability (NS-SA-2021-0186)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...
CVE-2021-31358
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31358
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31357
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
Command injection
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
CVE-2021-31358 Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31357 Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
PT-2021-19257 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.3R2-S1-EVO Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R2-S2-EVO Juniper Networks Junos OS Evolved 21.1 versions prior to 21.1R2-EVO Juniper Networks Junos OS Evolved 21....
Juniper Networks Junos OS 操作系统操作系统命令注入漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS suffers from an operating system command injection vulnerability that stems from a command...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module exploits a file upload in VMware vCenter Server's analytics/telemetry CEIP service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default. Module Options msf use...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...