
4723 matches found

Cvelist
added 2020/12/16 1:56 p.m. · 22 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

AI score 8.9 · EPSS 0.02647
Exploits 0 · References 3
CNNVD
added 2020/12/16 12:0 a.m. · 5 views

SolarWinds N-Central Operating System Command Injection Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVSS 9 · AI score 7.4 · EPSS 0.02647
Exploits 0 · References 4
Tenable Nessus
added 2020/12/09 12:0 a.m. · 22 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Vulnerability (NS-SA-2020-0096)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is ...

CVSS 7.8 · AI score 7.6 · EPSS 0.19426
Exploits 13 · References 2
OSV
added 2020/11/27 5:15 p.m. · 1 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

CVSS 9.8 · AI score 7.3 · EPSS 0.01499
Exploits 0 · References 1
Cvelist
added 2020/11/27 4:21 p.m. · 24 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

AI score 9.5 · EPSS 0.01499
Exploits 0 · References 1
Positive Technologies
added 2020/11/27 12:0 a.m. · 5 views

PT-2020-6889 · Systemd +8

Name of the Vulnerable Software and Affected Versions: systemd versions prior to 247 Description: The issue is related to inadequate blocking of local privilege escalation for some Sudo configurations, specifically when the "systemctl status" command may be executed. This is due to systemd not...

CVSS 7.8 · AI score 7.2 · EPSS 0.01561
Exploits 8 · References 98
CNNVD
added 2020/11/27 12:0 a.m. · 5 views

B&r Automation APROL Command Injection Vulnerability

B&r Automation APROL is a Linux-based process control system for industrial control applications from B&r Automation Australia. A command injection vulnerability exists in B&R Industrial Automation APROL versions prior to R4.2 V7.08, which can be exploited to execute with root privileges by...

CVSS 10 · AI score 7.5 · EPSS 0.01499
Exploits 0 · References 2
0day.today
added 2020/11/24 12:0 a.m. · 216 views

ZeroShell 3.9.0 - (cgi-bin/kerbynet) Remote Root Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 9.6 · EPSS 0.89955
Exploits 11
Packet Storm
added 2020/11/24 12:0 a.m. · 1217 views

ZeroShell 3.9.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 0.3 · EPSS 0.89955
Exploits 11
Exploit DB
added 2020/11/24 12:0 a.m. · 923 views

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 9.8 · EPSS 0.89955
Exploits 11
NVD
added 2020/11/23 2:15 p.m. · 24 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.8 · AI score 7.7 · EPSS 0.00524
Exploits 1 · References 3
OSV
added 2020/11/23 2:15 p.m. · 18 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.8 · AI score 7 · EPSS 0.00524
Exploits 1 · References 3
Prion
added 2020/11/23 2:15 p.m. · 21 views

Design/Logic Flaw

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.2 · AI score 7.6 · EPSS 0.00524
Exploits 1 · References 3 · Affected Software 1
CVE
added 2020/11/23 1:46 p.m. · 42 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 contains a misconfigured sudo setup that allows the administrative user to obtain root access without a password by editing and executing /home//SecurityOnion/setup/so-setup. The issue is a local privilege escalation affecting deployments based on the affected 2....

CVSS 7.8 · AI score 7.6 · EPSS 0.00524
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2020/11/23 1:46 p.m. · 28 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

AI score 7.7 · EPSS 0.00524
Exploits 1 · References 3
CNNVD
added 2020/11/23 12:0 a.m. · 4 views

Security Onion Solutions Security Onion Security Breaches

Security Onion Solutions Security Onion is an American Security Onion Solutions software for threat search, enterprise security monitoring and log management. The software supports Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squit, NetworkMiner and many other security too...

CVSS 7.8 · AI score 7.1 · EPSS 0.00524
Exploits 1 · References 4
CNVD
added 2020/11/18 12:0 a.m. · 4 views

Unspecified vulnerability in Aviatrix Controller (CNVD-2021-17716)

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

CVSS 9 · AI score 7.1 · EPSS 0.01441
Exploits 1 · References 1
Tenable Nessus
added 2020/11/18 12:0 a.m. · 33 views

RHEL 8 : sudo (RHSA-2020:1804)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1804 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute...

CVSS 7.5 · AI score 6.8 · EPSS 0.0339
Exploits 0 · References 11
OSV
added 2020/11/17 9:15 p.m. · 1 views

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

CVSS 8.8 · AI score 7.4 · EPSS 0.01441
Exploits 1 · References 1
NVD
added 2020/11/17 9:15 p.m. · 12 views

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

CVSS 9 · AI score 8.9 · EPSS 0.01441
Exploits 1 · References 1