EUVD-2019-8971

Malware in sbrugna...

Ensure That All Groups Exist in /etc/passwd

All user groups in /etc/passwd must exist in the /etc/group file. If the administrator manually modifies the two files, the user groups may be incorrectly set due to human errors. If a user group in /etc/passwd does not exist in /etc/group, risks of user group permission management may occur...

CVE-2024-6331 Injection by Prompt Injection in stitionai/devika

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read LFI by Prompt Injection. The integration of Google Gimini 1.0 Pro with HarmBlockThreshold.BLOCKNONE for HarmCategory.HARMCATEGORYHATESPEECH and HarmCategory.HARMCATEGORYHARASSMENT i...

CVE-2024-37630

The CVE-2024-37630 affects D-Link DIR-605L v2.13B01 (firmware). A hardcoded password in /etc/passwd allows an attacker to log in as root and obtain administrator privileges. Public documents consistently describe root-level compromise; no explicit firmware fix version is provided. PT-Security not...

CVE-2024-28753

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...

CVE-2023-38633

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...

Reddit: critical file found etc/passwd on www.reddit.com

1.go to this link https://www.reddit.com/etc%2fpasswd 2.youll find all the etc/passwd files this data should be protected. 3.these passwd can be used for many illegal purpose and can damage the comapny poc attched: HTTP/2 200 OK Content-Type: text/plain; charset=UTF-8 X-Ua-Compatible: IE=edge...

CVE-2019-19352

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

Design/Logic Flaw

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/paswd...

Linux: Get access permissions to configuration files

Get access permissions to relevant Linux config files like /etc/shadow, /etc/passwd and other. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...

CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera ...

Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)

Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode 74 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 Comments: add user "User" to /etc/passwd CVE: N/A / 00000000 31DB xor ebx,ebx 00000002 31C9 xor ecx,ecx 00000004 66B90104 mov cx,0x401...

Deltek Maconomy 2.2.5 - Local File Inclusion

Exploit Title: Maconomy Erp local file include Date: 22/05/2019 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE: CVE-2019-12314 POC: POC:...

CVE-2019-12314

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 O...

GeoVision GV-SNVR0811 Directory Traversal Vulnerability

Exploit for linux platform in category web applications Exploit Title: GeoVision GV-SNVR0811 Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811 Software Link:...

Unikrn: Urgent: Server side template injection via Smarty template allows for RCE

Hi All, I've found an issue which has allowed me to execute filegetcontents and extract your /etc/passwd file. Description It appears as though you are using smarty on the backend for templating. Entering a malicious payload as my firstname, lastname and nickname and then inviting a user to join...

JVC IP-Camera VN-T216VPRU - Local File Disclosure

Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Local File Inclusion Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product References :...

Ubiquiti airOS Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth file upload to install a new root user to /etc/passwd an...