Lucene search
K

7 matches found

The Hacker News
The Hacker News
added 2019/12/06 11:2 a.m.104 views

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...

7.4CVSS0.7AI score0.00838EPSS
Exploits0
Cvelist
Cvelist
added 2019/08/14 8:17 p.m.21 views

CVE-2019-13030

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...

8.1AI score0.01899EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2015/01/11 12:0 a.m.30 views

RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation

Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png PoC: /bin/echo...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/01/15 12:0 a.m.26 views

FreeBSD Jail rc.d脚本多个本地符号链接漏洞

FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 jail2系统调用允许系统管理员将进程及其所有子代锁定在一个环境中,这样即使进程拥有超级用户权限,也只能对该环境外的系统造成很有限的影响。由于对可能的符号链接缺少处理,主机的jail rc.d8脚本受符号链接攻击的影响。通过用符号链接替换牢笼中的/var/log/console.log,牢笼中的超级用户(root)就可能使用任意内容覆盖牢笼外主机系统上的任意文件。这可能导致以不受禁锢的超级用户权限执行任意命令。...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.38 views

FreeBSD jail rc.d symbolic links problem

Multiple conditions allow to write files begind jailed environment, as an example symbolic link /var/log/console.log...

6.6CVSS2.2AI score0.00391EPSS
Exploits1References1Affected Software1
FreeBSD
FreeBSD
added 2007/01/11 12:0 a.m.17 views

FreeBSD -- Jail rc.d script privilege escalation

Problem Description: In multiple situations the host's jail rc.d8 script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting...

6.6CVSS7.1AI score0.00391EPSS
Exploits1
CVE
CVE
added 2006/02/09 2:0 a.m.58 views

CVE-2006-0623

CVE-2006-0623 is associated with QNX Neutrino RTOS 6.3.0. The vulnerability arises because /etc/rc.d/rc.local is shipped with world-writable permissions, allowing local users to modify the file and thereby execute arbitrary code at system startup. The connected records confirm the affected softwa...

7.2CVSS7.2AI score0.00913EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder