11 matches found
CVE-2019-25241
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...
CVE-2019-25241
FaceSentry Access Control System 6.4.8 contains a critical authentication flaw: hard-coded SSH credentials for the wwwuser and an insecure sudoers configuration allow privilege escalation to root via sudo without authentication. This is documented across multiple sources (EUVD-2025-205313, NVD, C...
Linux Distros Unpatched Vulnerability : CVE-2022-42717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configure...
CVE-2025-34112
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. Thi...
Privilege Escalation
Overview Affected versions of this package are vulnerable to Privilege Escalation due to the recommended sudoers configuration for Vagrant on Linux being insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the...
AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
RaspAP安全漏洞
RaspAP is a software solution that can easily deploy Raspberry Pi as a wireless AP access point with a set of responsive WebUI to control WiFi, as easy to use as a home router. raspap-webgui in RaspAP version 2.6.6 is vulnerable to remote code execution. The vulnerability stems from insecure...
FaceSentry Access Control System 6.4.8 Remote SSH Root Access
!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorith...
FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...