Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

CVE-2020-12888: [PATCH v2 3/3] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

CVE
Open in Source
#linux#git#backdoor
CVE-2019-15654: Trustwave Security Advisories

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

CVE-2019-15656: Security Advisories | Trustwave

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.

CVE-2019-5136: TALOS-2019-0925 || Cisco Talos Intelligence Group

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVE-2012-6614: Offensive Security’s Exploit Database Archive

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

CVE-2020-5510: OffSec’s Exploit Database Archive

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.

CVE-2019-15107: Offensive Security’s Exploit Database Archive

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

CVE-2019-14206: Adaptive images for Wordpress 0.6.66: LFI, arbitrary file deletion and RCE.

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.

CVE-2018-7082

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0