exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2017-16544

Status Candidate

Overview

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Related Files

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
VMware Security Advisory 2019-0013
Posted Sep 20, 2019
Authored by VMware | Site vmware.com

VMware Security Advisory 2019-0013 - VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534
SHA-256 | 7ae81418b88c50964c3ec2eca5fb6e16aa19df476d8be7e332903866535a9182
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Posted Sep 4, 2019
Authored by T. Weber | Site sec-consult.com

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747
SHA-256 | 3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
SHA-256 | 5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65
Ubuntu Security Notice USN-3935-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679
SHA-256 | d04293581994ba012e305b667f533a43f91c013c6da677eff4fa9c29ace725ff
Gentoo Linux Security Advisory 201803-12
Posted Mar 26, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15873, CVE-2017-15874, CVE-2017-16544
SHA-256 | 588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close