Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password.
f0f074bfbbdfcf50b89b456bedfa1d6e2dad916eb9c805528576e82777cae103Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password.
9a639b868d2a607d6808f5cc9c66c20f4c697461ce4034c2ce7534df93c6ec6eThe AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.
29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70fUbuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.
75967740ce1a9069be3b5ffdad890e66bf3af3e56b32fbff26a28baf8de418c4eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.
37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896systemd version 246 suffers from a local root privilege escalation vulnerability.
5c18cab732f4f9e274da14d6344836a1cdf72bc01779fa89312ba4b4814d364be2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.
5433c74f920760e59a3889a4eb94f7621298cabe8eddf15f30585be24f026e98A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.
94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.
0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.
9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29eeWordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.
8f7867098777bfb7d7988fcc7cf6d15c45a7a00aa260411393d341e6ecc3e473This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.
aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1WordPress Duplicator plugin version 3.8.8 appears to leave backups in a world accessible directory under the document root.
dfcfcb24ad253ea2d39768da7b6e22274d168bdda3f278dad5f23b74f4c9b5ddWordPress Duplicator plugin version 4.0.5 appears to leave backups in a world accessible directory under the document root.
ad0fa51ec975187287b8a06f41bafe979783319f010750beeb70fcc957fc356aWordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.
0aa2086e4896317bbe3e7bdbf4459a1d7ed4b988564f1de3d17a4038856e606eWordPress Google Maps plugin version 9.0.17 appears to leave backups in a world accessible directory under the document root.
156dd68545b65c54c2373a2cda8dd9dda4f59fcde02261a810d41ad5c595eea7WordPress File Manager Pro plugin version 8.3.1 appears to leave backups in a world accessible directory under the document root.
4b88684db05c1e6e30e6201dd62cc4950900d94c6892036e226fe347c047f0f2WordPress Envato plugin version 2.0.7 appears to leave backups in a world accessible directory under the document root.
f2094a0011047a7e71da6c767d74d1960b654e75fb3aa4d77b9cf52e5f7ccd7dWordPress Unyson plugin version 2.7.28 appears to leave backups in a world accessible directory under the document root.
ded4568e592a56e54d8658c4b65d33823bedb435257d32a3cc86b431e0051255This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25dThis Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539Anevia Flamingo XL version 3.2.9 suffers from an SSH sandbox escape via the use of traceroute. A remote attacker can breakout of the restricted environment and have full root access to the device.
d01a03802c6672cc17ac7216582cc0ad2e643d89808e99df7c959276e761db6dAnevia Flamingo XL version 3.6.20 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
43b14f668d4cb3067cebaa36c98d98889067ae017e721f40aa4910c9fb7f8585Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
53e095bd8aa1c01d2554ab8f1b300973ebf09ad1794d93fb1b09c6ffe2266f09Proof of concept code that exploits three bugs that can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. Kernel code is executed in the context of the root user and the exploit also disable SELinux. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3BUB5, Baseband A715FXXU3BUB4 and Kernel version 4.14.190-20973144.
d7fb13a8e212690bea66fdff3ce4d52d05a239e824796af7a580b4f67ac5a57d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed