104 matches found
GHSA-M65Q-V92H-CM7Q users may append `root` to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both the supplementary groups of a user and the group access list of the current process. If the caller uses this information for access control, this may lead to privilege escalation...
`root` appended to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both the supplementary groups of a user and the group access list of the current process. If the caller uses this information for access control, this may lead to privilege escalation...
PT-2025-23647 · Crates.Io · Users
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both the supplementary groups of a user and the group access list of the current process. If the caller uses this information for access control, this may lead to privilege...
Linksys WRT54GL Security Breach
The Linksys WRT54GL is a wireless router from Linksys, USA. A security vulnerability exists in Linksys WRT54GL version 4.30.18, which originates from an information disclosure vulnerability in the file /SysInfo.htm...
PT-2024-18014 · Linksys · Linksys Wrt54G
Name of the Vulnerable Software and Affected Versions: Linksys WRT54GL version 4.30.18 Description: A vulnerability was found in the Web Management Interface of the Linksys WRT54GL, affecting some unknown functionality of the file /SysInfo.htm. This issue leads to information disclosure. The...
Unaligned read of `*const *const c_char` pointer
Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...
RUSTSEC-2023-0040 `users` crate is unmaintained
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since (https://github.com/ogham/rust-users/issues/54). Recommended alternatives: uzers (https://crates.io/crates/uzers), sysinfo (https://crates.io/crates/sysinfo)...
`users` crate is unmaintained
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since (https://github.com/ogham/rust-users/issues/54). Recommended alternatives: uzers (https://crates.io/crates/uzers), sysinfo (https://crates.io/crates/sysinfo)...
CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, and potentially other vendors/devices due to code reuse, the /SysInfo.htm URI does not require a session ID. This web page calls a showsysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS...
CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, and potentially other vendors/devices due to code reuse, the /SysInfo.htm URI does not require a session ID. This web page calls a showsysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS...
PT-2022-22907 · Linksys · Linksys E5350 Wifi Router
Name of the Vulnerable Software and Affected Versions: Linksys E5350 WiFi Router version 1.0.00.037 and lower Description: The issue concerns the /SysInfo.htm URI, which does not require a session ID. This web page calls the showsysinfo function, retrieving sensitive information such as WPA...
Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks
Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...
PT-2021-16927 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.26 Description: A missing token check causes a CSRF issue in data download endpoints in com_banners and com_sysinfo. This allows for potential exploitation. Recommendations: For Joomla! versions 3.0.0 throug...
Joomla! Cross-Site Request Forgery Vulnerability
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in com_banners and com_sysinfo in...
CVE-2020-27586
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text...
K7 Computing Total Security Security Vulnerabilities
K7 Computing Total Security is a suite of antivirus software for the Windows platform from K7 Computing, USA. A security vulnerability exists in versions prior to Quick Heal Total Security 19.0 that stems from the security of the sysinfo file through the explicit text ex...
RUSTSEC-2020-0100 Double free when calling `sys_info::disk_info` from multiple threads
Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...
Double free when calling `sys_info::disk_info` from multiple threads
Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...
CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfojson.cgi URI...
MagniComp SysInfo Detection (Mac OS X SSH Login)
Detects the installed version of MagniComp SysInfo on Mac OS X. The script logs in via ssh, searches for configuration file...