CVE-2023-41255

CVE-2023-41255 affects the TPC-110W device (Bosch context appears in sources). The issue allows an unprivileged user with subnet access to obtain a root shell by abusing the lack of authentication of the su binary exposed via ADB (Android Debug Bridge). The connected documents provide this core t...

CVE-2023-41255

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB Android Debug Bridge protocol exposed on...

PT-2023-27872 · Google · Android Debug Bridge

Name of the Vulnerable Software and Affected Versions: TPC-110W device affected versions not specified Description: The issue allows an unprivileged user with access to the subnet of the device to gain a root shell on the device itself by exploiting the lack of authentication of the su binary fil...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria_Operations_For_Networks

CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations f...

PT-2023-4589 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS version 14.0 Description: A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS...

Moxa EDR-810 Web Server ping Command Injection (CVE-2017-12120)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

Moxa EDR-810 Web Server Certificate Signing Request Command Injection (CVE-2017-12125)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the /goform/netWebCSRGen uri t...

Exploit for Race Condition in Qualcomm Apq8053_Firmware

Fork My adaptation for the SM-F926U from the original exploit...

Exploit for Race Condition in Canonical Snapd

CVE-2021-44731-snap-confine-SUID Local Privilege Escalation Ex...

CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit

CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...

Exploit for Missing Authentication for Critical Function in Cisco Spa112_Firmware

RancidCrisco Minimum Viable PoC for CVE-2023-20126 This is th...

CVE-2023-30054

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

CVE-2023-30054

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

Command injection

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

CVE-2023-30054

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

TOTOLINK A7100RU 操作系统命令注入漏洞

TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A7100RU version V7.4cu.2313B20191024, which stems from a command injection vulnerability in that an attacker can obtain a stable root shell via a specially crafted payload...

PT-2023-22519 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7100RU version 7.4cu.2313 B20191024 Description: The issue is a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. Recommendations: For TOTOLINK A7100RU version...

CVE-2023-30054

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

CVE-2023-30054

CVE-2023-30054 affects TOTOLINK A7100RU firmware 7.4cu.2313_B20191024. The vulnerability is a Command Injection flaw in the device that can allow an attacker to obtain a stable root shell through a specially crafted payload. The CVSS metrics indicate a critical impact with network access, no user...

sudo 1.9.12p1 Privilege Escalation

!/usr/bin/env bash Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit Author: n3m1.sys CVE: CVE-2023-22809 Date: 2023/01/21 Vendor Homepage: https://www.sudo.ws/ Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz Version: 1.8.0 to 1.9.12p1 Tested on: Ubuntu Server 22.0...