3 matches found
ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...
Possible URL spoofing on wildcard path
Description H3 provides the getRequestURL utility using the new URLa, b constructor. When variable a is attacker-controlled the origin of the resulting URL can be modified. Proof of Concept js // index.js import listen from "listhen"; import createApp, createRouter, eventHandler, toNodeListener,...
Sudo 1.8.14 (RHEL 567 Ubuntu) - Sudoedit Unauthorized Privilege Escalation
Sudo 1.8.14 RHEL 567 Ubuntu - Sudoedit Unauthorized Privilege Escalation Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation Date: 07-23-2015 Exploit Author: Daniel Svartman Version: Sudo ALL=root NOPASSWD: sudoedit /home///test.txt Then, logged as that user, create a...