
14 matches found

CVE
added 2025/12/30 7:15 p.m., 19 views

CVE-2025-69257

CVE-2025-69257 (theshit) is a local privilege escalation vulnerability in the command-line tool that loads Python rules/configs from user-writable locations (e.g., ~/.config/theshit/) without validating ownership/permissions when executed with elevated privileges. If invoked with sudo or EUID=0, ...

6.7 CVSS, 7.2 AI score, 0.0012 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-12629

Malware in sbrugna...

7.8 CVSS, 8.7 AI score, 0.00378 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/10/01 1:20 p.m., 10 views

CVE-2025-34217

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorized_keys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...

10 CVSS, 6.8 AI score, 0.00697 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/09/30 12:0 a.m., 8 views

PT-2025-39985

Name of the Vulnerable Software and Affected Versions: Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments, affected versions not specified. Description: The Vasion Print Virtual Appliance Host and Application contains an undocumented user, printerlogic, with...

10 CVSS, 6.4 AI score, 0.00697 EPSS
Exploits: 1, References: 9
NVD
added 2024/11/08 10:15 p.m., 18 views

CVE-2024-48073

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which...

9.8 CVSS, 0.01191 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/11/08 12:0 a.m., 27 views

CVE-2024-48073

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which...

0.01191 EPSS
Exploits: 0, References: 2
CVE
added 2024/11/08 12:0 a.m., 45 views

CVE-2024-48073

Summary: CVE-2024-48073 affects sunniwell HT3300 prior to 1.0.0.B022.2. The /usr/local/bin/update updater runs with sudo NOPASSWD and is vulnerable to a command injection, enabling an attacker to pass commands via command line arguments to gain elevated root privileges. Impact: total compromise o...

9.8 CVSS, 7.6 AI score, 0.01191 EPSS
Exploits: 0, References: 2
OSV
added 2023/03/29 10:55 a.m., 4 views

SUSE-SU-2023:1665-1 Security update for sudo

This update for sudo fixes the following issue: Security issues: - CVE-2023-28486: Fixed sudo does not escape control characters in log messages. bsc1209362 - CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. bsc1209361 - CVE-2023-27320: Fixed a potential securit...

7.2 CVSS, 6.1 AI score, 0.01664 EPSS
Exploits: 1, References: 10
Packet Storm
added 2021/01/11 12:0 a.m., 229 views

EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...

0.8 AI score
Exploits: 0
Packet Storm
added 2020/11/24 12:0 a.m., 1221 views

ZeroShell 3.9.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

10 CVSS, 0.3 AI score, 0.89849 EPSS
Exploits: 11
Cvelist
added 2019/04/25 3:40 p.m., 24 views

CVE-2018-20052

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.8 AI score, 0.00378 EPSS
Exploits: 0, References: 1
Exploit DB
added 2018/04/24 12:0 a.m., 192 views

Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)

Linux/x86 - Edit /etc/sudoers ALL ALL=ALL NOPASSWD: ALL For Full Access + Null-Free Shellcode 79 bytes. Shellcode exploit for Linuxx86 platform / Title: Edit /etc/sudoers with NOPASSWD for ALL Date: 2018-04-19 Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: edit...

0.2 AI score
Exploits: 0
Packet Storm
added 2015/10/03 12:0 a.m., 48 views

issetugid() + rsh + libmalloc OS X Local Root

CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' = 'yes' env'MallocStackLoggingDirectory' = 'a\n root echo "ALL ALL=ALL...

7.2 CVSS, 0.6 AI score, 0.05088 EPSS
Exploits: 14
Exploit DB
added 2008/11/19 12:0 a.m., 27 views

linux/x86 - edit /etc/sudoers for full access 86 bytes

linux/x86 edit /etc/sudoers for full access 86 bytes. Shellcode exploit for linx86 platform / Author: Rick Email: [email protected] OS: Linux/x86 Description: Anyone can run sudo without password section .text global start start: ;open"/etc/sudoers", OWRONLY | OAPPEND; xor eax, eax push eax pu...

0.1 AI score
Exploits: 0