18 matches found
EUVD-2020-28931
Malware in sbrugna...
EUVD-2024-19635
Malicious code in bioql PyPI...
CVE-2024-20360
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
CVE-2022-31254
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the rmt user to escalate to...
Design/Logic Flaw
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the rmt user to escalate to...
CVE-2022-31254 rmt-server-pubcloud allows to escalate from user _rmt to root
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the rmt user to escalate to...
CVE-2022-31251
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3...
CVE-2022-21944
A UNIX Symbolic Link Symlink Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman version...
CVE-2021-25314
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linu...
CVE-2020-28046
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user MAINAPP can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch...
CVE-2019-18684
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" to...
Race condition
DISPUTED Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" t...
CVE-2019-9160
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH on TCP port 22345 and escalate to root because the password for root is the WebUI admin password concatenated with a static string...
Design/Logic Flaw
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-15884
In HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges...
PineApp Mail-Secure Command Execution
pineapp makes an anti-spam product, which can be downloaded for vmware, etc. the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but...
unixware.auto.txt
Greetings, OVERVIEW Although UnixWare's /usr/X/bin/xauto is NOT suid/sgid, we can still overf= low a buffer within it and gain root privileges. BACKGROUND Only tested UnixWare 7.1, all other UnixWares should be assumed vulnerabl= e. DETAILS xauto is mode 755, root/sys and yet we can still use a...