Lucene search
K

92 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/09 12:0 a.m.4 views

The vulnerability of the restapi.service (/lib/systemd/system/restapi.service) software for creating wireless routers based on Debian RaspAP allows a attacker to escalate their privileges and execute arbitrary commands.

The vulnerability of the restapi.service file /lib/systemd/system/restapi.service in the software for creating wireless routers based on Debian RaspAP is related to the lack of measures taken to neutralize special elements used in commands, due to insufficient access control for users belonging t...

8.7CVSS6.1AI score0.0081EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.4 views

RaspAP 安全漏洞

RaspAP is the RaspAP open source application a simple wireless AP setup and management software for Debian-based devices. A security vulnerability exists in RaspAP versions prior to 3.1.5, which stems from a vulnerability that allows an attacker to elevate privileges...

8.3CVSS6.7AI score0.0081EPSS
Exploits0References3
Talos
Talos
added 2023/10/12 12:0 a.m.20 views

SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1736 SoftEther VPN DCRegister DDNSRPCMAXRECVSIZE denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22325 SUMMARY A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta,...

5.9CVSS6AI score0.00957EPSS
Exploits1
Metasploit
Metasploit
added 2023/08/15 7:50 p.m.254 views

RaspAP Unauthenticated Command Injection

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

9.8CVSS9AI score0.98725EPSS
Exploits3
0day.today
0day.today
added 2023/08/15 12:0 a.m.416 views

RaspAP 2.8.7 Unauthenticated Command Injection Exploit

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

9.8CVSS8.3AI score0.98725EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.376 views

RaspAP 2.8.7 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...

9.8CVSS7.1AI score0.98725EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/05/25 12:0 a.m.399 views

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

5.4CVSS5.5AI score0.07258EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/02/06 12:0 a.m.283 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on Ubuntu Log Init Privilege Escalation', 'Description' = %q Tomcat 6, 7, 8 packages provided by default repositories on...

7.8CVSS0.7AI score0.09783EPSS
Exploits8
0day.today
0day.today
added 2023/02/06 12:0 a.m.579 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit

This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...

7.8CVSS7.7AI score0.09783EPSS
Exploits8
Kitploit
Kitploit
added 2022/09/13 11:30 a.m.54 views

Pinecone - A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2022/07/19 12:30 p.m.40 views

Pinecone - A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for...

7.4AI score
Exploits0References2
OSV
OSV
added 2022/06/07 6:15 p.m.2 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

8.8CVSS5.7AI score0.01565EPSS
Exploits1References3
NVD
NVD
added 2022/06/07 6:15 p.m.25 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

9CVSS0.01613EPSS
Exploits1References2
NVD
NVD
added 2022/06/07 6:15 p.m.23 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS0.01565EPSS
Exploits1References3
Prion
Prion
added 2022/06/07 6:15 p.m.20 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS8.7AI score0.01565EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/06/07 5:57 p.m.23 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

8.7AI score0.01613EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/09 12:0 a.m.5 views

RaspAP 操作系统命令注入漏洞

RaspAP is a simple wireless AP setup and management for Debian-based devices. An operating system command injection vulnerability exists in RaspAP, which is caused by not properly filtering special characters such as ";" in the "iface" parameter in RaspAP versions 2.6 through 2.6.5. An attacker c...

9.8CVSS8.8AI score0.17905EPSS
Exploits1References2
Gitee
Gitee
added 2021/03/06 4:46 p.m.3 views

thorn-linux

This is a Debian-based research and development platform for information security called Thorn Linux. It is designed to keep users up to date with the latest cybersecurity news while providing a hardened and anonymized penetration-testing environment. The platform includes a highly customized...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2020/07/23 12:30 p.m.80 views

Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools

A graphical interface to use information security tools by the browser. Getting Started Kali Linux Tools Interface is a graphical interface to use information security tools by the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2020/04/09 10:0 p.m.48 views

Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)

A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful in those dreaded situations where LLMNR/NBNS aren't in use for name resolution. Requirements/Installation This is only gon' work on Kali or other Debian-basedLinux...

7.3AI score
Exploits0References1
Rows per page
Query Builder