10 matches found
CVE-2025-34149
CVE-2025-34149 describes a command injection in the Shenzhen Aitemi M300 Wi‑Fi Repeater (hardware model MT02) during WPA2 configuration. The vulnerable component is the handling of the WPA2 key parameter, which is interpreted by the system shell, allowing an attacker to execute arbitrary commands...
CVE-2020-29580
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2025-32469
The CVE-2025-32469 issue affects Siemens RUGGEDCOM ROX devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with all versions before V2.16.5. The root cause is inadequate server-side input sanitation in the web interface’s ping tool, allowing an authe...
Harden-Runner allows evasion of 'disable-sudo' policy
Summary: Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with...
CVE-2018-1212 Authenticated remote code execution in iDRAC 6
The web-based diagnostics console in Dell EMC iDRAC6 Monolithic versions prior to 2.91 and Modular all versions contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute...
OpenSSH 3.5p1 Remote Root Exploit for FreeBSD
OpenSSH 3.5p1 Remote Root Exploit for FreeBSD has been shared by kcope on Twitter. The release note is as given below: OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Discovered and Exploited By Kingcope Year 2011 -- The last two days I have been...
CVE-2004-0881
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir...
HP-UX B11.11 /usr/bin/ct Local Format String Root Exploit
Exploit for hp-ux platform in category local exploits. File: xhp-ux11inlsct.c Usage: cc xhp-ux11inlsct.c -o xct ; ./xct...
Directory Traversal in Sun iPlanet Administration Server 5.1
Text of original posting to Sun: Originator: EDS Information Assurance Group - Jim Hardisty, Mark Brewis Date of Contact: 22nd April 2003 Issue: During a recent Penetration Test, a member of the team, Jim Hardisty, identified an issue with an installation of iPlanet Administration Express. It is...
Solaris/SPARC 2.7 lpset exploit (well not likely !)
Hi, lpset seems to use strcat to pass the argument for -r flag /usr/lib/print/lib/../../../../tmp/foo and appends .so to the end. In this case /tmp/foo.so is going to be dlopen but there is a special case /usr/lib/print/lib directory has to exist. xploit shell script is attached. $ uname -a SunOS...