352 matches found
Code injection
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-46503
CVE-2021-46503 affects Jsish v3.5.0 and is described as a heap-use-after-free vulnerability that can cause a Denial of Service (DoS). The issue is reported in the context of Jsish’s C implementation; no exploit details or attack vectors are provided in the linked documents. Connected sources cons...
openSUSE 15 Security Update : permissions (openSUSE-SU-2021:1520-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1520-1 advisory. - The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the easy permission profile and sniff...
babel security and bug fix update
2.5.1-7 - Include the /usr/bin/pybabel binary that runs on Python 3.6 in the python3-babel package Resolves: rhbz1967173 2.5.1-6 - Fix CVE-2021-20095 Resolves: rhbz1955615...
Security update for drbd-utils (low)
openSUSE Security Update: Security update for drbd-utils Announcement ID: openSUSE-SU-2021:3665-1 Rating: low References: 1029961 1185132 1189363 SLE-21057 Affected Products: openSUSE Leap 15.3 An update that contains security fixes and contains one feature can now be installed. Description: This...
Command Execution Vulnerability in USR-G781 with Character Networking
Ltd. is an industrial IoT hardware and software solution provider. There is a command execution vulnerability in USR-G781, which can be exploited by attackers to execute malicious code...
RLSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update
The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c 3.1.11. BZ1898993 Security Fixes: mysql: C API unspecified vulnerability CPU Apr...
CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
CVE-2019-18842
A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...
CVE-2019-18842
A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...
Cross site scripting
A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...
CVE-2019-18842
CVE-2019-18842 concerns the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module (web interface version 1.2.2). Multiple connected sources confirm a Cross‑Site Scripting (XSS) vulnerability in the configuration web interface caused by insufficient input validation, enabling an attacker to exf...
CVE-2019-18842
A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...
CVE-2019-17120
A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/admusrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after...
Solaris xscreensaver 11.4 - Privilege Escalation
Solaris xscreensaver 11.4 - Privilege Escalation Exploit Title: Solaris xscreensaver 11.4 - Privilege Escalation Date: 2019-10-16 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/technetwork/server-storage/solaris11/ Version: Solaris 11.x Tested on: Solaris 11.4 and 11.3 X86...
Default credentials
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems...
Amazon Linux 2 : setup (ALAS-2019-1158)
Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to...
ASAN/SUID - Local Privilege Escalation
!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...
Emacs - movemail Privilege Escalation Exploit
This Metasploit module exploits a SUID installation of the Emacs movemail utility to run a command as root by writing to 4.3BSD's /usr/lib/crontab.local. The vulnerability is documented in Cliff Stoll's book The Cuckoo's Egg. This module requires Metasploit: https://metasploit.com/download Curren...
Emacs movemail Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Emacs movemail Privilege Escalation', 'Description' = %q This module exploits a SUID installation of the Emacs movemail utility to run a command ...