4723 matches found
Design/Logic Flaw
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
CVE-2020-26548
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
CVE-2020-26548
Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...
Protecting Install Tool with Sudo Mode
When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...
Aviatrix Systems Controller Security Vulnerability
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An insecure sudo rule vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...
[SECURITY] [DLA 2434-1] gdm3 security update
Debian LTS Advisory DLA-2434-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 05, 2020 https://wiki.debian.org/LTS -...
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
SEC Consult Vulnerability Lab Security Advisory title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....
Exploit for Use After Free in Microsoft
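System-Vulnerability: a regularly updated collection of the latest working vulnerability exploits, for authorized penetration testing only --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC privilege escalation --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 privilege escalation --2020.5 token-theft privilege escalation for all versions --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...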
FruityWifi Elevation of Privilege Vulnerability
FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-2238)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2238)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process...
CVE-2020-24848
FruityWifi through 2.4 has an unsafe Sudo configuration ALL : ALL NOPASSWD: ALL. This allows an attacker to perform a system-level root local privilege escalation, allowing an attacker to gain complete persistent access to the local system...
Design/Logic Flaw
FruityWifi through 2.4 has an unsafe Sudo configuration ALL : ALL NOPASSWD: ALL. This allows an attacker to perform a system-level root local privilege escalation, allowing an attacker to gain complete persistent access to the local system...
CVE-2020-24848
CVE-2020-24848 affects FruityWifi up to version 2.4, where an unsafe sudo configuration (ALL: ALL) NOPASSWD: ALL enables local root privilege escalation. This misconfiguration allows an attacker with local access to obtain full persistent control over the system. Publicly documented sources (incl...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-2237)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-2196)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2020-2174)
According to the version of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary...