971 matches found
CVE-2017-14433
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the...
CVE-2017-12125
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/netWebCSRGen" uri...
CVE-2017-12121
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...
CVE-2017-14432
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...
PT-2018-5635 · Moxa · Moxa Edr-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by injecting OS commands into the remoteNetmask0...
PT-2018-5634 · Moxa · Edr-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation resulting in a root shell. An attacker can inject OS...
PT-2018-5362 · Moxa · Moxa Edr-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation resulting in a root shell. An attacker can inject OS...
Pwning CCTV cameras
CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR. DVRs take video feeds from multiple...
Design/Logic Flaw
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...
CVE-2018-9310
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...
CVE-2018-9310
MagniComp SysInfo (before version 10-H82) on Linux/UNIX, when installed setuid root by default, is vulnerable. A local user can execute SysInfo to obtain a root shell, enabling local compromise of the host. The connected documents do not disclose patch/version-specific fixes or mitigation steps. ...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux_Kernel
Vulnerability Description Ubuntu is an open-source GNU/Linux o...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability (CVE-2017-12125)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability (CVE-2017-12121)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...
Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities (CVE-2017-14432 - CVE-2017-14434)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...
Moxa EDR-810 Command Injection Vulnerability
The Moxa EDR-810 is an industrial security router with firewall/NAT/VPN and managed Layer 2 switch functionality. It is designed for Ethernet-based security applications in remote control or monitoring networks. A command injection vulnerability exists in the web server functionality of the Moxa...
Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...