639 matches found
Drobo 5N2 4.1.1 - Remote Command Injection
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 #!/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Exploit for OS Command Injection in Microvirt Memu
CVEID: CVE-2019-14514 Name of the affected products and...
Linux: User accounts with non-specific shells
The password file stores information about users such as username, UID, GID, etc. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...
Huawei EulerOS: Security Advisory for setup (EulerOS-SA-2018-1394)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows CVE-2020-0644 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Oracle Hospitality Suites Management CVE-2020-2697 Local Security Vulnerability
Description Oracle Hospitality Suites Management is prone to a local security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Request Tracker' package is affected. This vulnerability affects the following supported versions: 3.7, 3.8 Technologies Affected Oracle...
Microsoft Windows Update Notification Manager CVE-2020-0638 Local Privilege Escalation Vulnerability
Description Microsoft Windows Update Notification Manager is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for...
Oracle Database Server CVE-2020-2568 Local Security Vulnerability
Description Oracle Database Server is prone to a local security vulnerability that exists in Oracle Applications DBA. The vulnerability can be exploited over the 'Local Logon' protocol. For an exploit to succeed, the attacker must have 'Local Logon' privilege. This vulnerability affects the...
Oracle Database Server CVE-2020-2731 Local Security Vulnerability
Description Oracle Database Server is prone to a local security vulnerability. The vulnerability can be exploited over the 'Local Logon' protocol. The 'Core RDBMS' component is affected. This vulnerability affects the following supported versions: 12.1.0.2, 12.2.0.1, 18c and 19c Technologies...
Oracle Solaris CVE-2020-2696 Local Security Vulnerability
Description Oracle Solaris is prone to a local security vulnerability. This issue affects the 'Common Desktop Environment' component. This vulnerability affects the following supported version: 10 Technologies Affected Oracle Solaris 10 Recommendations Permit local access for trusted individuals...
DEBIAN-CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...
Shadow CVE-2019-19882 Multiple Local Privilege Escalation Vulnerabilities
Description Shadow is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to gain elevated privileges. Shadow 4.8 is vulnerable; other versions may also be affected. Technologies Affected Shadow-Maint Shadow 4.8 Recommendations Permit local acce...
Linux Kernel CVE-2019-19769 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Linux Kernel version 5.3.10 is vulnerable; other versions may also be affected. Technologies Affected Linux kerne...
Microsoft Windows Kernel CVE-2019-1472 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Win32k CVE-2019-1469 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows CVE-2019-1483 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft...
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly-discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare (so-named because of the program database pathname of its binary file) was...
Microsoft Windows Kernel 'BasicRender.sys' Driver Local Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the system, denying service to the legitimate users. Technologies Affected Microsoft Windows 10 Recommendations Permit local access for trusted individuals only. Where possible...
Linux kernel CVE-2019-19318 Use After Free Local Denial of Service Vulnerability
Description Linux kernel is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the system, denying service to legitimate users. Linux kernel version 5.3.11 is vulnerable. Technologies Affected Linux kernel 5.3.11 Recommendations Permit local access for...
Lenovo LenovoPaper CVE-2019-6191 Unspecified Local Privilege Escalation Vulnerability
Description Lenovo LenovoPaper software is prone to an unspecified local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Lenovo LenovoPaper Recommendations Permit local access for trusted individuals only. Where possibl...