CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Cybersecurity researchers have uncovered two local privilege escalation LPE flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allowactive in...

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak Vulnerability

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

Input validation

A vulnerability in Cisco access points AP software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

GNU Hurd has an unspecified vulnerability (CNVD-2021-100615)

Gnu Hurd is a Gnu Project replacement for the Unix kernel. Used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux, GNU Hurd has a security vulnerability that could be exploited by an attacker to...

Privilege escalation

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

Design/Logic Flaw

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...

GNU Screen 4.5.0 - Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Commit f86a374 "screen.c: adding permissions check for the logfile name", 2015-11-04 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and...

GNU Screen 4.5.0 - Local Privilege Escalation (PoC)

Commit f86a374 "screen.c: adding permissions check for the logfile name", 2015-11-04 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several...

SideDoor - Debian/Ubuntu Backdoor Using A Reverse SSH Tunnel

sidedoor maintains a reverse tunnel to provide a backdoor. sidedoor can be used to remotely control a device behind a NAT. sidedoor is packaged for Debian-based systems with systemd or upstart. It has been used on Debian 8 jessie and Ubuntu 14.04 LTS trusty. The sidedoor user has full root access...

Riorey RIOS Hardocded Password

Title: Riorey "RIOS" Hardcoded Password Vulnerability Severity: High Full root access to the device Date: 07 October 2009 Versions Affected: RIOS 4.6.6 , 4.7.0 possibly others Discovered on: 25 July 2009 Vendor URL: www.riorey.com Author: Marek Kroemeke Overview: Riorey DDoS mitigation appliences...