24 matches found
CVE-1999-0712
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable...
Barco ClickShare Devices Path Traversal (CVE-2016-3151)
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified...
EUVD-2024-27849
Malicious code in bioql PyPI...
Moderate: rpm-ostree security update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
Fedora 39 : rpm-ostree (2024-4afd3d38ae)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4afd3d38ae advisory. Backport fix for /etc/gshadow permissions. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
PT-2024-10759 · Rad · Rad Secflow-2
Name of the Vulnerable Software and Affected Versions: RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 Description: The issue allows URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. This can potentially lead to unauthorized...
Design/Logic Flaw
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password...
CVE-2020-13695
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary: An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
CVE-2017-5671
CVE-2017-5671 affects Honeywell Intermec PM23/PM42/PM43/PC23/PC43/PD43/PC42 printers (firmware before 10.11.013310 and 10.12.x before 10.12.013309). The vulnerability arises because /usr/bin/lua is installed setuid to the itadmin account, enabling local users to perform a BusyBox jailbreak and es...
SSH2 3.0 Short Password Login Vulnerability
source: http://www.securityfocus.com/bid/3078/info An input validation error exists in version 3.0.0 of the SSH daemon sshd running on Unix platforms. It may be possible for remote users to log in to accounts for which there are two or less characters in the password field of the system password...
CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow fi...
Quantum DXi V1000 2.2.1 - Static SSH Key
Quantum DXi® V-Series is a virtual deduplication backup appliance that protects physical and virtual data across remote sites, the datacenter and cloud deployments. Details: 0x01 - Default root user. The root user has a hardcoded password that is unknown and not changeable. Normally...
Kindle Touch remote code execution vulnerability - vulnerability warning - the black bar safety net
I don't know if there are any Amazon Kindle fans here. According to recent foreign media reports, the Kindle Touch has a remote code execution vulnerability. On Kindle Touch firmware version 5.1.0, code can be executed remotely; the /etc/shadow file is sent to the specified web server. Vulnerability relates to...
Code injection
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043...
CVE-2010-4303
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043...
change mode 0777 of "/etc/shadow" with sys_chmod syscall
change mode 0777 of "/etc/shadow" with sys_chmod syscall. Shellcode exploit for linux platform...
Fedora Update for mod_auth_shadow FEDORA-2010-6359
Check for the Version of mod_auth_shadow. OpenVAS Vulnerability Test: Fedora Update for mod_auth_shadow FEDORA-2010-6359. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
linux/x86 - chmod("/etc/shadow", 0666) shellcode 36 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 - chmod("/etc/shadow", 0666) shellcode 36 bytes, by Magnefikko 14.04.2010 promhyl.oz.pl...