308 matches found
CVE-2022-1537
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...
Exploit for Incomplete Cleanup in Linux Linux_Kernel
CVE-2021-4032-NoGCC Test in: Ubuntu 20...
RiteCMS 3.1.0 Arbitrary File Overwrite
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
Directory traversal
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 is affected by a Local File Inclusion vulnerability. The NUCLEI template for CVE-2021-45043 describes an LFI flaw exposed via the /language/lang s_Language parameter, enabling remote unauthenticated attackers to view confidential information (e.g., /etc/...
PT-2022-1944
Name of the Vulnerable Software and Affected Versions D-Link DAP-1620 affected versions not specified Description The issue is related to Local File Inclusion due to path traversal errors in the software, allowing unauthorized access to internal files. This can lead to the reading of sensitive...
CVE-2021-43043
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...
CVE-2021-43043
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...
GHSA-QH54-9VC5-M9FG MD5 hash support in github.com/foxcpp/maddy
Impact This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadows. Patches Patch is available as part of the 0.5.2 release. Workarounds Ensure MD5 hashes are not present in /etc/shadow...
CVE-2021-40960
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow...
Directory traversal
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow...
CVE-2021-40960
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow...
Galera WebTemplate 路径遍历漏洞
Galera WebTemplate is a web template. A path traversal vulnerability exists in Galera WebTemplate 1.0 that could disclose information from /etc/passwd and /etc/shadow...
Haserl Arbitrary File Reader
This module exploits haserl prior to 0.9.36 to read arbitrary files. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking. Module Options msf use post/linux/gather/haserlread msf posthaserlread show actions ...actions... msf posthaserlrea...
Linux/x64 - execve (cat /etc/shadow) Shellcode (66 bytes)
Exploit Title: Linux/x64 - execve "cat /etc/shadow" Shellcode 66 bytes Author: Felipe Winsnes Tested on: Debian x64 Shellcode Length: 66 / global start start: xor rax, rax ; Zeroes out RAX. xor rbp, rbp ; Zeroes out RBP. push rax ; Pushes RAX's NULL-DWORD. mov rbp, 0x776f646168732f63 ; Moves valu...
Design/Logic Flaw
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...
CVE-2020-13859
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...
Linux: Get access permissions to configuration files
Get access permissions to relevant Linux config files like /etc/shadow, /etc/passwd and other. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...