754 matches found
SUSE CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
SUSE CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
SUSE CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
PT-2023-15326 · WordPress · Wp Customer Area
Name of the Vulnerable Software and Affected Versions: WP Customer Area versions prior to 8.1.4 Description: The issue concerns a lack of CSRF checks for certain actions, such as chmod, mkdir, and copy. This could allow attackers to make a logged-in admin perform these actions, resulting in the...
WordPress plugin WP Customer Area 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
EulerOS Virtualization 3.0.2.2 : python-paramiko (EulerOS-SA-2023-1287)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow...
LXD vulnerable to Race Condition
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...
GHSA-8MPQ-FMR3-6JXV LXD vulnerable to Race Condition
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...
Exploit for Improper Access Control in Webmin
CVE-2022-0824 !Dockerhttps://github.com/cryst4lliz3/CVE-2...
Solaris/SPARC - chmod(./me) Shellcode
/ sparcsolarischmod2.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Very small Solaris/SPARC chmod shellcode. See also: http://phrack.org/issues/70/13.htmlarticle Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode ma...
Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode
/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...
Fix of CVE: CVE-2021-44038
CVE-2021-44038: low privilege escalation during package installation/update due to insecure chmod in spec file...
CLSA-2022-1643112395 Fix of CVE: CVE-2021-44038
CVE-2021-44038: low privilege escalation during package installation/update due to insecure chmod in spec file...
Quagga <= 1.2.4 Privilege Escalation Vulnerability
Quagga is prone to a privilege escalation vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
AZL-7336 CVE-2021-44038 affecting package quagga 1.2.4-15
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
Design/Logic Flaw
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
CVE-2021-44038
Removed by vendor...