1849 matches found
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
[SECURITY] [DSA 5071-1] samba security update
Debian Security Advisory DSA-5071-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2022 https://www.debian.org/security/faq ...
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
FreeBSD : xrdp -- privilege escalation (fc2a9541-8893-11ec-9d01-80ee73419af3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc2a9541-8893-11ec-9d01-80ee73419af3 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow...
Exploit for CVE-2015-1328
CVE-2015-1328-GoldenEye about exploit: The overlayfs imple...
Critical Samba vulnerability allows remote code execution as root
...
Ubuntu: Security Advisory (USN-5260-1)
The remote host is missing an update for the...
USN-5260-1: Samba vulnerabilities
Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142) Michael Hanselmann discovered that Samb...
New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 Exploit Root exploit for the PwnKit vulnerabili...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
Pwnkit-go This is a working exploit for the pwnkit vulnerab...
Synel Eharmonynew Path Traversal Vulnerability
Synel Eharmonynew is an attendance system from Synel Israel. Synel Eharmonynew suffers from a path traversal vulnerability that could allow an attacker to return to the root directory and open host files...
CVE-2022-21944
CVE-2022-21944 is a local privilege-escalation flaw in the watchman systemd unit on openSUSE Backports SLE-15-SP3 and openSUSE Factory. The Unix Symbolic Link (Symlink) Following issue concerns the [email protected] unit, enabling local attackers to escalate to root due to a symlink-related vulne...
Authentication flaw
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu,...
USN-5249-1: USBView vulnerability
It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service...
openSUSE 15 Security Update : watchman (openSUSE-SU-2022:0016-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0016-1 advisory. - A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows loc...
SonicWall SMA 100 Series Authenticated Command Injection
This module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are: - 10.2.1.2-24sv and below - 10.2.0.8-37sv and below - 9.0.0.11-31sv and below Module Options msf use...
(Pwn2Own) Western Digital MyCloud PR4100 ConnectivityService Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConnectivityService service. The issue results from the lac...