Lucene search
K

787 matches found

Veracode
Veracode
added 2021/09/12 1:17 a.m.25 views

Privilege Escalation

systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

6.7CVSS5AI score0.00551EPSS
Exploits0References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.5 views

The vulnerability in the implementation of the `chmod` command in the container runtime system, Containerd, allows a malicious actor to increase their privileges.

The vulnerability of the chmod command implementation in the container runtime system, Containerd, is related to deficiencies in the isolation of the controlled system area. Exploiting this vulnerability allows a remote attacker to increase their privileges...

6.8CVSS6.4AI score0.01608EPSS
Exploits2References11Affected Software3
OSV
OSV
added 2021/04/08 2:15 p.m.17 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...

7.8CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2021/04/08 2:15 p.m.20 views

Default credentials

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...

7.2CVSS7.8AI score0.00497EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/04/08 1:54 p.m.52 views

CVE-2021-30463

VestaCP

7.8CVSS7.8AI score0.00497EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/08 1:54 p.m.24 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...

8.1AI score0.00497EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.4 views

ClusterLabs Hawk 安全漏洞

ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...

7.8CVSS7.3AI score0.00378EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2021/03/18 12:22 a.m.128 views

Exploit for SQL Injection in Icegram Email_Subscribers_\&_Newsletters

CVE-2019-20361-EXPLOIT There was a flaw in the WordPress plugi...

9.8CVSS8.6AI score0.8511EPSS
Exploits7
CNVD
CNVD
added 2020/07/06 12:0 a.m.2 views

Unspecified Vulnerability in SolarWinds Serv-U FTP Server

SolarWinds Serv-U FTP Server is a set of U.S. SolarWinds FTP and MFT file transfer software. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not properly handling CHMOD commands, no details of the vulnerability are provided at th...

9.8CVSS6.8AI score0.01632EPSS
Exploits0References1
OSV
OSV
added 2020/07/05 10:15 p.m.5 views

CVE-2020-15542

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...

9.8CVSS7.3AI score0.01632EPSS
Exploits0References1
NVD
NVD
added 2020/07/05 10:15 p.m.14 views

CVE-2020-15542

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...

9.8CVSS0.01632EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/05 9:4 p.m.26 views

CVE-2020-15542

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...

9.5AI score0.01632EPSS
Exploits0References1
CVE
CVE
added 2020/07/05 9:4 p.m.70 views

CVE-2020-15542

Summary: CVE-2020-15542 affects SolarWinds Serv-U FTP Server prior to version 15.2.1, due to mishandling of the CHMOD command. The connected documents confirm the vendor release of 15.2.1 as a fix (per Serv-U 15-2-1 release notes). Impact (as stated): The CVSS metrics in the reference indicate hi...

9.8CVSS9.3AI score0.01632EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/06/12 4:15 p.m.20 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS0.00739EPSS
Exploits1References6
OSV
OSV
added 2020/06/12 4:15 p.m.21 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS6.8AI score0.00739EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2020/06/12 4:15 p.m.24 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS7AI score0.00739EPSS
Exploits1References9
CVE
CVE
added 2020/06/12 3:4 p.m.164 views

CVE-2020-14004

CVE-2020-14004 affects Icinga2 prior to 2.12.0-rc1. The prepare-dirs script used by icinga2/systemd runs chmod 2750 on /run/icinga2/cmd, which is under an unprivileged user by default. If /run/icinga2/cmd is a symlink, an unprivileged icinga2 user can follow it and change arbitrary files to mode ...

7.8CVSS7.4AI score0.00739EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2020/06/12 3:4 p.m.34 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.7AI score0.00739EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2020/06/12 3:4 p.m.25 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS7.2AI score0.00739EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/04/08 5:15 p.m.55 views

CVE-2016-7097

It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAPFSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in ...

4.4CVSS3.1AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder