The vulnerability of the awsfile chmod function in D-Link G416 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the awsfile chmod function in D-Link G416 router microprogramming devices is related to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by connecting to port 80...

The vulnerability of the nodered chmod function in D-Link G416 router software allows a hacker to execute arbitrary code.

The vulnerability of the nodered chmod function in D-Link G416 router microprogramming systems is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

BIT-2020-7221

mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product,...

GHSA-CGF8-H3FP-H956 Pleaser privilege escalation vulnerability

please aka pleaser through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited. Here is how to see it in action: $ cd "$mktemp -d" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd...

PT-2023-7952 · D Link · D-Link G416

Name of the Vulnerable Software and Affected Versions: D-Link G416 affected versions not specified Description: The issue is related to the awsfile chmod function in the D-Link G416 router's firmware, which does not properly neutralize special elements used in an operating system command. This...

Planet's secret file is created with excessive permissions

Impact The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well. Validation Check the permissions on the secret file with ls -l /.planet.json and ensure th...

pesign security update

115-6.0.1 - Update Oracle Linux test certificates Orabug: 31928433 115-6 - Fix chmod invocation - Resolves: CVE-2022-3560 115-5 - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560...

K15677: Linux kernel vulnerability CVE-2014-4014

Security Advisory Description The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the...

SUSE CVE-2014-4014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...

SUSE CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

SUSE CVE-2021-44038

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

WordPress plugin WP Customer Area 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2023-15326 · WordPress · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area versions prior to 8.1.4 Description: The issue concerns a lack of CSRF checks for certain actions, such as chmod, mkdir, and copy. This could allow attackers to make a logged-in admin perform these actions, resulting in the...

EulerOS Virtualization 3.0.2.2 : python-paramiko (EulerOS-SA-2023-1287)

According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow...

LXD vulnerable to Race Condition

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...

GHSA-8MPQ-FMR3-6JXV LXD vulnerable to Race Condition

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...

The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.

The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...

Exploit for Improper Access Control in Webmin

CVE-2022-0824 !Dockerhttps://github.com/cryst4lliz3/CVE-2...

Solaris/SPARC - chmod(./me) Shellcode

/ sparcsolarischmod2.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Very small Solaris/SPARC chmod shellcode. See also: http://phrack.org/issues/70/13.htmlarticle Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode ma...

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode

/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...