GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

Linux Distros Unpatched Vulnerability : CVE-2016-3833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGEUSERS and CREATEUSERS...

CVE-2023-33745

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access without requiring a password...

CVE-2022-26580

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability...

CVE-2019-1010221

LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by adb root can also be set in a normal adb shell session. The component is: adb shell patches to fix this are at https://review.lineageos.org/c/LineageOS/androidsystemcore/+/234800,...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...

CVE-2016-3833

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGEUSERS and CREATEUSERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712...

Google Android Remote Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. There is a security vulnerability in the Android Shell, which can be exploited by remote attackers to build special applications, induce application parsing, and elevate privileges...