80 matches found
PT-2023-23176 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...
CVE-2022-46416
Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network e.g., by guessing the password. Then, the attacker would need to send...
PT-2023-21661 · Opendoas +1 · Opendoas +1
Name of the Vulnerable Software and Affected Versions: OpenDoas versions 6.8.2 and earlier Description: The issue allows privilege escalation due to sharing a terminal with the original session when TIOCSTI is available. TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable...
Design/Logic Flaw
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication...
SUSE CVE-2010-4242
The hciuartttyopen function in the HCI UART driver drivers/bluetooth/hcildisc.c in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service NULL pointer dereference via vectors related to the...
Foresight Sports GC3 安全漏洞
Foresight Sports GC3 is a full-featured golf ball launch monitor from Foresight Sports. A security vulnerability exists in Foresight Sports GC3 Launch Monitor prior to version 1.5.0.2, which originated from a vulnerability that allows process debugging, file system modification, and terminal acce...
CVE-2021-26758
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system...
CVE-2021-26758
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system...
pam_tacplus Log Message Disclosure Vulnerability
pamtacplus is a PAM module for authenticating users via TACACS + Terminal Access Controller Access Control System from Pawe Krawczyk Software Developers in the UK. A log information disclosure vulnerability exists in the support.c file in pamtacplus versions 1.3.8 through 1.5.1, which can be...
Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...
CVE-2018-17495
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prom...
CVE-2018-9083
In System Management Module SMM versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability...
Cisco Wireless LAN Controller Software GUI Elevation of Privilege Vulnerability
Cisco Wireless LAN Controller WLC is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. The Cisco Wireless LAN Controller Software GUI elevation of privilege vulnerability is caused by incorrect...
CVE-2018-0417
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...
CVE-2018-18386
drivers/tty/ntty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ...
Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2019-01903)
Cisco IOS Software and IOS XE Software are both operating systems developed by Cisco for its network devices.TACACS+ is one of the terminal access control subsystems. An input validation vulnerability exists in the TACACS+ client subsystem in Cisco IOS Software and IOS XE Software, which stems fr...
CVE-2018-15369
A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to improper handling of crafted TACACS+...
Privilege Escalation
github.com/juju/juju is vulnerable to privilege escalation. A malicious user with access to the terminal can gain root privileges through the command juju-run 'whoami'...
Updated lxterminal package fixes security vulnerability
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control. CVE-2016-10369...
CVE-2016-10369
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control...