4730 matches found
CVE-2022-37393
CVE-2022-37393: Zimbra’s sudo configuration allows the zimbra user to run the zmslapd binary as root with arbitrary parameters. zmslapd can load a user-defined configuration file that may include plugins (.so) executed as root, enabling local privilege escalation. The available connected document...
PT-2022-4416 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (affected versions not specified). Description: The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary...
Zimbra zmslapd Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...
Zimbra Security Vulnerability
Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...
Zimbra zmslapd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...
VMware Workspace ONE Access Privilege Escalation Exploit
VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a...
VMware Workspace One Access Permissions and Access Control Vulnerability
VMware Workspace One Access is a centralized management console from VMware, Inc. that allows you to manage users and groups, set and manage authentication and access policies, as well as add resources to a directory and manage permissions for those resources. A vulnerability exists in VMware...
Privilege Escalation admin user to root user
Description: The "admin" user has sudo rights and can gain root access. In a default sudo installation, the "admin" group has root rights. The "admin" user is created by the Hestia installation and is also in the "admin" group. If attackers gain access to the "admin" user, they can gain root access. Proof of Concept...
CVE-2021-44954
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...
Design/Logic Flaw
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...
CVE-2021-44954
CVE-2021-44954 affects QVIS NVR DVR prior to 2021-12-13. A sudo misconfiguration allows local privilege escalation from the qvisdvr user to root. The base score is 7.8 (HIGH) with LOCAL attack vector and no user interaction required. The provided documents do not specify a patch/version for remed...
QVIS NVR Camera Management System Security Vulnerability
QVIS NVR Camera Management System is a surveillance system from QVIS Corporation. A security vulnerability exists in the QVIS NVR Camera Management System. An attacker can escalate privileges from the qvisdvr user to the root user by abusing the Sudo misconfiguration...
Pamspy - Credentials Dumper For Linux Using eBPF
pamspy leverages eBPF technologies to do work equivalent to 3snake. It tracks a particular userland function inside the PAM (Pluggable Authentication Modules) library, which many critical applications use to handle authentication, such as sudo, sshd, passwd, gnome, x11 and many others ... How to...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Visualization, Fuzzing, Exploit and Patch...
CVE-2022-2104
The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...
CVE-2022-2104 Secheron SEPCOS Control and Protection Relay
The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...