4730 matches found

CVE
added 2022/08/16 8:0 p.m. · 258 views

CVE-2022-37393

CVE-2022-37393: Zimbra’s sudo configuration allows the zimbra user to run the zmslapd binary as root with arbitrary parameters. zmslapd can load a user-defined configuration file that may include plugins (.so) executed as root, enabling local privilege escalation. The available connected document...

7.8 CVSS · 8.7 AI score · 0.01683 EPSS
In wild · Exploits 4 · References 3 · Affected Software 1

Positive Technologies
added 2022/08/16 12:0 a.m. · 3 views

PT-2022-4416 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite, affected versions not specified. Description: The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary...

7.8 CVSS · 8.7 AI score · 0.01683 EPSS
Exploits 4 · References 12

0day.today
added 2022/08/10 12:0 a.m. · 629 views

Zimbra zmslapd Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...

7.8 CVSS · 0.4 AI score · 0.01683 EPSS
Exploits 4

CNNVD
added 2022/08/10 12:0 a.m. · 5 views

Zimbra Security Vulnerability

Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...

7.8 CVSS · 8.4 AI score · 0.01683 EPSS
Exploits 4 · References 5

Packet Storm
added 2022/08/10 12:0 a.m. · 371 views

Zimbra zmslapd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...

0.7 AI score · 0.01683 EPSS
Exploits 4

0day.today
added 2022/08/05 12:0 a.m. · 385 views

VMware Workspace ONE Access Privilege Escalation Exploit

VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a...

7.8 CVSS · 1.3 AI score · 0.01062 EPSS
Exploits 3

CNNVD
added 2022/08/04 12:0 a.m. · 4 views

VMware Workspace One Access Permissions, Privileges, and Access Control Vulnerability

VMware Workspace One Access is a centralized management console from VMware, Inc. that allows you to manage users and groups, set and manage authentication and access policies, as well as add resources to a directory and manage permissions for those resources. A vulnerability exists in VMware...

7.8 CVSS · 8.4 AI score · 0.01062 EPSS
Exploits 3 · References 3

Huntr
added 2022/07/22 6:42 p.m. · 467 views

Privilege Escalation admin user to root user

Description: The "admin" user has sudo rights and can gain root access. In a default sudo installation, the "admin" group has root rights. The "admin" user is created by the hestia installation, and this user is also in the "admin" group. If attackers access the "admin" user, they can gain root access. Proof of Concept...

5.8 CVSS · 0.8 AI score · 0.01035 EPSS
Exploits 1 · References 1

NVD
added 2022/07/18 12:15 a.m. · 10 views

CVE-2021-44954

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...

7.8 CVSS · 0.00309 EPSS
Exploits 1 · References 2

OSV
added 2022/07/18 12:15 a.m. · 5 views

CVE-2021-44954

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...

7.8 CVSS · 5.8 AI score · 0.00309 EPSS
Exploits 1 · References 2

Prion
added 2022/07/18 12:15 a.m. · 18 views

Design/Logic Flaw

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...

4.3 CVSS · 7.7 AI score · 0.00309 EPSS
Exploits 1 · References 2 · Affected Software 2

CVE
added 2022/07/17 11:27 p.m. · 73 views

CVE-2021-44954

CVE-2021-44954 affects QVIS NVR DVR prior to 2021-12-13. A sudo misconfiguration allows local privilege escalation from the qvisdvr user to root. The base score is 7.8 (HIGH) with LOCAL attack vector and no user interaction required. The provided documents do not specify a patch/version for remed...

7.8 CVSS · 7.7 AI score · 0.00309 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/07/17 11:27 p.m. · 13 views

CVE-2021-44954

In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration...

7.9 AI score · 0.00309 EPSS
Exploits 1 · References 2

CNNVD
added 2022/07/17 12:0 a.m. · 2 views

QVIS NVR Camera Management System Security Vulnerability

QVIS NVR Camera Management System is a surveillance system from QVIS Corporation. A security vulnerability exists in the QVIS NVR Camera Management System. An attacker can escalate privileges from the qvisdvr user to the root user by abusing the Sudo misconfiguration...

7.8 CVSS · 7.4 AI score · 0.00309 EPSS
Exploits 1 · References 4

Kitploit
added 2022/07/09 12:30 p.m. · 35 views

Pamspy - Credentials Dumper For Linux Using eBPF

pamspy leverages eBPF technologies to achieve the equivalent of 3snake. It tracks a particular userland function inside the PAM (Pluggable Authentication Modules) library, which many critical applications use to handle authentication, such as sudo, sshd, passwd, gnome, x11 and many others ... How to...

7.8 AI score
Exploits 0 · References 3

GithubExploit
added 2022/07/04 1:55 p.m. · 7 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Visualization, Fuzzing, Exploit and Patch...

7.8 CVSS · 8.2 AI score · 0.99295 EPSS
Exploits 81

GithubExploit
added 2022/07/04 1:55 p.m. · 472 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Visualization, Fuzzing, Exploit and Patch...

7.8 CVSS · 8.3 AI score · 0.99295 EPSS
Exploits 81

NVD
added 2022/06/24 3:15 p.m. · 27 views

CVE-2022-2104

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

9.9 CVSS · 0.01012 EPSS
Exploits 0 · References 1

Cvelist
added 2022/06/24 3:0 p.m. · 23 views

CVE-2022-2104 Secheron SEPCOS Control and Protection Relay

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

9.9 CVSS · 9.9 AI score · 0.01012 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/06/24 3:0 p.m. · 6 views

CVE-2022-2104 Secheron SEPCOS Control and Protection Relay

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

9.9 CVSS · 9.8 AI score · 0.01012 EPSS
Exploits 0 · References 1