23 matches found
EUVD-2020-5917
Malware in sbrugna...
EUVD-2020-5918
Malware in sbrugna...
EUVD-2021-32061
Malicious code in bioql PyPI...
EUVD-2021-31779
Malicious code in bioql PyPI...
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
Cross site scripting
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
CVE-2021-45281
CVE-2021-45281 affects QuickBox Pro v2.4.8. The vulnerability is a cross-site scripting (XSS) flaw in the administrative input path, specifically when passing data to the parameter adminuseredit.php?usertoedit=... where user-supplied input is not properly sanitized. The available documents descr...
QuickBox cross-site scripting vulnerability
QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with the media server. A cross-site scripting vulnerability exists in QuickBox P...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
Remote code execution
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2021-44981
CVE-2021-44981 affects QuickBox Pro v2.5.8 and earlier. The config.php variable accepts a GET parameter and is parsed into shell_exec(''); without proper sanitization, enabling remote code execution. The media server runs as root by default, allowing an attacker to use sudo within that shell_exec...
QuickBox OS command injection vulnerability
QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec and fails to properly clean up...
QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution
CVE-2020-13448 QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability. Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details:...
QuickBox Pro 2.1.8 Remote Code Execution
Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...
CVE-2020-13695
CVE-2020-13695 affects QuickBox Community Edition up to 2.5.5 and QuickBox Pro up to 2.1.8. The local www-data user has passwordless sudo privileges to run grep as root, enabling an attacker to read sensitive files such as /root/*.db and /etc/shadow. This results in potential exposure of confiden...
Command injection
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter...