11 matches found
sudo-rs Session File Relative Path Traversal vulnerability
Background: Sudo-rs does not require users to authenticate at every sudo attempt; instead it requires authentication only every once in a while in each terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
CVE-2023-20217
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker cou...
K13605: FirePass sudo vulnerability - CVE-2012-2053
Security Advisory Description: F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying...
Flaw in snapd Allows Root Access to Linux Servers
A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...
Punk.Py - Unix SSH Post-Exploitation Tool
Unix SSH post-exploitation 1337 tool. How it works: punk.py is a post-exploitation tool meant to help network pivoting from a compromised unix box. It collects usernames, ssh keys and known hosts from a unix system, then it tries to connect via ssh to all the combinations found. punk.py is written in...
EMC Avamar Data Store and Avamar Virtual Edition Elevation of Privilege Vulnerability
EMC Avamar is a backup and recovery solution from EMC Corporation. The solution provides data backup, disaster recovery, deduplication, etc. Avamar Data Store (ADS) is one of the components used for data backup; Avamar Virtual Edition (AVE) is one of the components used to realize the replication...
EMC Avamar Data Store and Avamar Virtual Edition Command Injection Vulnerability
EMC Avamar is a backup and recovery solution from EMC Corporation. The solution provides data backup, disaster recovery, deduplication, etc. Avamar Data Store (ADS) is one of the components used for data backup; Avamar Virtual Edition (AVE) is one of the components used to realize the replication...
ALCASAR 2.8 - Remote Code Execution
ALCASAR = 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
MobileIron Virtual Smartphone Platform Privilege Escalation Exploit
No description provided by source. MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day. The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven smartphone and tablet...
sudo -- Authentication bypass when clock is reset
Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...
[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...