
2649 matches found

OSV
added 2021/01/26 6:15 p.m. | 3 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

9.8 CVSS | 7.3 AI score | 0.00828 EPSS
Exploits 1 | References 1

OSV
added 2021/01/26 6:15 p.m. | 2 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

6.8 CVSS | 6.7 AI score | 0.01169 EPSS
Exploits 1 | References 1

NVD
added 2021/01/26 6:15 p.m. | 9 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

9.8 CVSS | 9.6 AI score | 0.00828 EPSS
Exploits 1 | References 1

NVD
added 2021/01/26 6:15 p.m. | 9 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

6.8 CVSS | 7.2 AI score | 0.01169 EPSS
Exploits 1 | References 1

Prion
added 2021/01/26 6:15 p.m. | 17 views

Command injection

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

4.6 CVSS | 7.2 AI score | 0.01169 EPSS
Exploits 1 | References 1 | Affected Software 1

Prion
added 2021/01/26 6:15 p.m. | 12 views

Design/Logic Flaw

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

7.5 CVSS | 9.5 AI score | 0.00828 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2021/01/26 12:0 a.m. | 3 views

Rostelecom CS-CSHW Command Injection Vulnerability

A security vulnerability exists in Rostelecom CS-C2SHW 5.0.082.1, which can be exploited by an attacker for bash injection...

6.8 CVSS | 6.7 AI score | 0.01169 EPSS
Exploits 1 | References 2

CVE
added 2021/01/25 8:37 p.m. | 38 views

CVE-2020-27542

CVE-2020-27542 affects Rostelecom CS-C2SHW 5.0.082.1. The camera reads configuration from a QR code (including network settings). The static IP config is written to /config/ip-static and, after reboot, its contents are inserted into a bash command without escaping, enabling a Bash command injecti...

6.8 CVSS | 7.1 AI score | 0.01169 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/01/25 8:37 p.m. | 11 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

7.2 AI score | 0.01169 EPSS
Exploits 1 | References 1

CVE
added 2021/01/25 8:17 p.m. | 38 views

CVE-2020-27540

CVE-2020-27540 – Rostelecom CS-C2SHW 5.0.082.1 is a Bash injection and signature verification bypass vulnerability. The camera reads firmware update configuration from SDCard vc\version.json and directly inserts the fw-sign parameter into a Bash command, enabling potentially arbitrary command exe...

9.8 CVSS | 9.5 AI score | 0.00828 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/01/25 8:17 p.m. | 14 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

9.6 AI score | 0.00828 EPSS
Exploits 1 | References 1

Gitee
added 2021/01/24 10:48 a.m. | 2 views

Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software

PoC exploit for CVE-2020-3452, an unauthorized remote file reading vulnerability in Cisco Adaptive Security Appliance and FTD Software. The exploit uses Shodan to scan for vulnerable targets, then attempts to exploit the vulnerability by sending crafted HTTP requests to the identified targets. Th...

7.5 CVSS | 9.3 AI score | 0.99992 EPSS
Exploits 24

0day.today
added 2021/01/20 12:0 a.m. | 53 views

Linux/x86 - Socat Bind Shellcode (113 bytes)

/ Exploit Title: Linux/x86 - Socat Bind Shellcode 113 bytes Author: Felipe Winsnes Tested on: Debian x86 Shellcode Length: 113 global start section .text start: xor eax, eax push eax PUSH 0x30303030 ; "tcp-listen:10000" PUSH 0x313a6e65 PUSH 0x7473696c PUSH 0x2d706374 mov esi, esp push eax PUSH...

7.4 AI score
Exploits 0

Packet Storm
added 2021/01/15 12:0 a.m. | 507 views

EyesOfNetwork 5.3 Remote Code Execution

Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution Date: 10/01/2021 Exploit Author: Ariane.Blow Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3-10 12/9/2020-lastest !/bin/bash /!\ You...

Exploits 0

Exploit DB
added 2021/01/15 12:0 a.m. | 428 views

EyesOfNetwork 5.3 - File Upload Remote Code Execution

Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution Date: 10/01/2021 Exploit Author: Ariane.Blow Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3-10 12/9/2020-lastest !/bin/bash /!\ You...

7.4 AI score
Exploits 0

Kitploit
added 2021/01/14 11:30 a.m. | 58 views

K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads

pronounced: "kay fifty-five" The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace. The shellcode spawned in the target process is 27...

7.7 AI score
Exploits 0 | References 1

Packet Storm
added 2021/01/14 12:0 a.m. | 240 views

Nagios XI 5.7.x Remote Code Execution

Exploit Title: Nagios XI 5.7.X - Remote Code Exection RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-35578...

7.2 AI score | 0.81915 EPSS
Exploits 7

Exploit DB
added 2021/01/04 12:0 a.m. | 285 views

CMS Made Simple 2.2.15 - RCE (Authenticated)

Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...

7.4 AI score
Exploits 0

Kitploit
added 2021/01/02 8:30 p.m. | 679 views

Byp4Xx - Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips

byp4xx.sh: A bash script to bypass "403 Forbidden" responses with well-known methods discussed in bugbountytips Installation: git clone https://github.com/lobuhi/byp4xx.git cd byp4xx chmod u+x byp4xx.sh Usage: Start...

7.4 AI score
Exploits 0 | References 1

Hacker One
added 2020/12/26 5:34 a.m. | 45 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

7.8 AI score
Exploits 0