18 matches found
EUVD-2018-2686
Malware in sbrugna...
Advisory ROSA-SA-2024-2396
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...
Exploit for Code Injection in Mybb
mybb-CVE-2022-24734 MyBB 1.8.29 - Remote Code Execution...
MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...
PT-2021-23801 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.29 Description: The issue allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and...
MyBB Code Injection Vulnerability
MyBB (MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, is scalable, and so on. A code injection vulnerability exists in MyBB versions prior to 1.8.29, which allows an attacker to...
EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - DISPUTED In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of ...
sudo security, bug fix, and enhancement update
1.8.29-5 - RHEL 8.2 ERRATUM - CVE-2019-18634 Resolves: rhbz1798093 1.8.29-4 - RHEL 8.2 ERRATUM - CVE-2019-19232 Resolves: rhbz1786987 Resolves: rhbz1796518 1.8.29-2 - RHEL 8.2 ERRATUM - rebase to 1.8.29 Resolves: rhbz1733961 Resolves: rhbz1651662 1.8.28p1-1 - RHEL 8.2 ERRATUM - rebase to 1.8.28p1...
Design/Logic Flaw
DISPUTED In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via...
UBUNTU-CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...
CVE-2019-18684
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" to...
Race condition
DISPUTED Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" t...
CVE-2018-10614
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files...
CVE-2018-10610
An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files...
Heap overflow
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files...
CVE-2018-10606
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files...
CVE-2018-7527
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...