CVE-2024-44667

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2v1.0.1557.15.35P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access...

Linux Kernel 5.6.13 Use-After-Free Exploit

Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13. // gcc -o exploit exploit.c -masm=intel -static -s -lpthread define GNUSOURCE include include include include include include include include include include...

CVE-2024-36445

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...

CVE-2024-36445

CVE-2024-36445 affects Swissphone DiCal-RED 4009 devices, where an unauthenticated TELNET access path permits a remote attacker to obtain a root shell. The advisory and linked sources describe a missing-authentication vulnerability (CWE-306) in the DiCal-RED 4009 module, with the CVSSv3.1 vector ...

PT-2024-27005 · Swissphone · Swissphone Dical-Red 4009

Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 devices affected versions not specified Description: The issue allows a remote attacker to gain a root shell via TELNET without authentication. Recommendations: At the moment, there is no information about a newer...

CVE-2024-36445

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...

CVE-2024-36445

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...

CVE-2022-27486

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1...

CVE-2024-41692 Incorrect Access Control Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...

CVE-2024-41692 Incorrect Access Control Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...

PT-2024-29513 · Syrotech · Sy-Gpon-1110-Wdont Router

Name of the Vulnerable Software and Affected Versions: SyroTech SY-GPON-1110-WDONT Router affected versions not specified Description: The issue exists due to the presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit...

Exploit for Code Injection in Vmware Cloud_Foundation

CVE-2024-22274 Exploit This repository contains an exploit fo...

Exploit for Code Injection in Vmware Cloud_Foundation

CVE-2024-22274 - Run and input host ip, port, username and p...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

CVE-2024-28354

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...

CVE-2024-28354

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...

CVE-2024-28353

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...

TRENDnet TEW-827DRU Security Vulnerability

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A security vulnerability exists in firmware version 2.10B01 of the TRENDnet TEW-827DRU, which stems from the presence of a command injection vulnerability that could allow an attacker to gain root shell privileges via command injection...

CVE-2024-28354

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...