3296 matches found
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
Code injection
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
CVE-2017-5671
CVE-2017-5671 affects Honeywell Intermec PM23/PM42/PM43/PC23/PC43/PD43/PC42 printers (firmware before 10.11.013310 and 10.12.x before 10.12.013309). The vulnerability arises because /usr/bin/lua is installed setuid to the itadmin account, enabling local users to perform a BusyBox jailbreak and es...
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...
Intermec PM43 Industrial Printer Privilege Escalation
TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware download: http://www.intermec.com/products/prtrpm43a/downloads.as...
Intermec PM43 Industrial Printer - Privilege Escalation Vulnerability
Exploit for hardware platform in category local exploits TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware download...
Intermec PM43 Industrial Printer - Local Privilege Escalation
TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware download: http://www.intermec.com/products/prtrpm43a/downloads.as...
Halcyon - IDE for Nmap Script (NSE) Development
Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...
[SECURITY] Fedora 25 Update: redis-3.2.7-1.fc25
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
GLSA-201701-53 : Lua: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-201701-53 Lua: Buffer overflow A buffer overflow was discovered in the vararg functions in ldo.c in Lua. Impact : Context-dependent could cause a Denial of Service condition or execute arbitrary code. Workaround : There is no know...
Lua: Buffer overflow
Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description A buffer overflow was discovered in the vararg functions in ldo....
Rumble Mail Server 0.51.3135 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit title: Rumble Mail Server v/0.51.3135 = Stored Cross Site Scripting Download Software: https://sourceforge.net/projects/rumble/?source=directory Author: Nassim Asrir Author Company: Henceforth Contact: email protected Tested On:...
Tarantool Denial of Service Vulnerability
Tarantool is an embedded NoSQL database management system written in Lua that integrates web programming with Node.js and data persistence with Redis. A denial of service vulnerability exists in Tarantool version 1.7.2-0. An attacker can exploit this vulnerability to cause a denial of service...
[SECURITY] Fedora 24 Update: tarantool-1.6.9.52-1.fc24
Tarantool is a high performance in-memory NoSQL database and Lua application server. Tarantool supports replication, online backup and stored procedures in Lua. This package provides the server daemon and admin tools...
[SECURITY] Fedora 25 Update: tarantool-1.6.9.52-1.fc25
Tarantool is a high performance in-memory NoSQL database and Lua application server. Tarantool supports replication, online backup and stored procedures in Lua. This package provides the server daemon and admin tools...
cics-enum NSE Script
CICS transaction ID enumerator for IBM mainframes. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and instead uses the NSE TN3270 library which emulates a TN3270 screen in lua. CICS only allows for 4 byte transacti...
libguestfs, lua, ocaml, perl, python, ruby, virt security update
CentOS Errata and Security Advisory CESA-2016:2576 An update for libguestfs and virt-p2v is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Hijacking NodeMCU Development Board-vulnerability warning-the black bar safety net
Long before the want to play the Board, The do nothing poor and can't afford it. Just the school issued a NodeMCU, although it is a cheap Board, play play is also good. This Board also let me play for several days, a start is to build a good car, in teacher to a Scratch on the play for a moment,...
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...