8 matches found
Udev Persistence Script
This Metasploit module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It will be executed with root privileges every time a network interface other than l0 comes up. Execution is triggered through the at command, so it must be installed on the target...
CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
OPENSUSE-SU-2024:0274-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when importing packages boo1224229 CVE-2024-31459: RCE vulnerability when plugins include files...
UBUNTU-CVE-2022-46338
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data...
PT-2022-27827 · G810-Led · G810-Led
Name of the Vulnerable Software and Affected Versions: g810-led version 0.4.2 Description: The issue allows any process on the system to read traffic from keyboards, including sensitive data, due to a udev rule that makes supported device nodes world-readable and writable. This affects a LED...
OPENSUSE-SU-2021:1370-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...
The vulnerability of the fly-admin-local-se component in the FLY operating system of the Astra Linux platform allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.
The vulnerability of the fly-admin-local-se component in the FLY operating system of Astra Linux is related to logging errors when changing user privileges, as well as errors in creating rules for devices with the same name. Exploiting this vulnerability can allow attackers to compromise data...