71 matches found
Input validation
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
CVE-2021-1449 Cisco Access Point Software Arbitrary Code Execution Vulnerability
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
CVE-2021-1449
Cisco CVE-2021-1449 affects Cisco Access Points Software. A vulnerability in the boot logic allows an authenticated, local attacker to execute unsigned code at boot time by exploiting an improper startup check, requiring access to the device devshell. This could bypass software image verification...
Cisco Access Point Software Arbitrary Code Execution Vulnerability
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
openGauss: Ensuring the Existence of the Socket File
Some application programs may search for the socket file in the /tmp directory to deceive the server. During the system startup, the socket file /tmp/ $ USER gaussdb/.s.PGSQL. $PGPORT is created by default to prevent some applications from creating or overwriting the socket file in the /tmp...
Cisco FXOS Software Secure Configuration Bypass (cisco-sa-20190515-nxos-conf-bypass)
According to its self-reported version, Cisco FXOS Software is affected by a configuration bypass vulnerability due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An authenticated, local attacker can exploit this, by...
openSUSE Security Update : systemd (openSUSE-2019-97)
This update for systemd provides the following fixes : Security issues fixed : - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - Fixed an issue during system startup in...
Security update for systemd (important)
openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2019:0098-1 Rating: important References: 1005023 1045723 1076696 1080919 1093753 1101591 1111498 1114933 1117063 1119971 1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-6954 Affecte...
Security update for systemd (moderate)
openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2019:0097-1 Rating: moderate References: 1005023 1076696 1101591 1114981 1115518 1119971 1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 Affected Products: openSUSE Leap 42.3 An update that...
CVE-2018-19071
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit
Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Remote Root
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 R...
Linux /dev/urandom RNG Flaws Exploit
There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and...
dnscrypt-autoinstall - Automatic installation and configuration of DNSCrypt
A script for installing and automatically configuring DNSCrypt on Linux-based systems. Description DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually...
Windows Multiple - Registry Only Persistence Exploit
Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' class Metasploit4 'Windows...
Windows Registry Only Persistence
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' class Metasploit4 'Windows Registry Only Persistence', 'Description' = %q This modul...
Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation
Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation Exploit Title: Thomson Reuters Fixed Assets CS Windows 7, Windows 8 CVE : 2014-9141 Product Affected: Fixed Assets CS =13.1.4 Workstation Install Note: 2003/2008 Terminal Services/Published apps may be vulnerable, depending on...
Time of Last System Startup
Using the supplied credentials, Nessus was able to determine when the host was last started. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56468; scriptversion"1.7"; scriptcvsdate"Date: 2018/06/19 13:32:15"; scriptnameenglish:"Time of Last System Startup";...
Debian: Security Advisory (DSA-580-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2006-0623
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup...