Privilege Escalation
systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
A vulnerability in the implementation of the `chmod` command in the containerd container runtime allows a malicious actor to escalate their privileges.
The vulnerability in the chmod command implementation in the containerd container runtime stems from deficiencies in the isolation of the controlled system area. Exploiting this vulnerability allows a remote attacker to escalate their privileges...
CVE-2021-30463
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
Default credentials
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
CVE-2021-30463
VestaCP
CVE-2021-30463
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
ClusterLabs Hawk Security Vulnerability
ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...
Exploit for SQL Injection in Icegram Email_Subscribers_&_Newsletters
CVE-2019-20361-EXPLOIT There was a flaw in the WordPress plugi...
Unspecified Vulnerability in SolarWinds Serv-U FTP Server
SolarWinds Serv-U FTP Server is FTP and MFT file transfer software from the U.S. company SolarWinds. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not properly handling CHMOD commands; no details of the vulnerability are provided at th...
CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...
CVE-2020-15542
Summary: CVE-2020-15542 affects SolarWinds Serv-U FTP Server prior to version 15.2.1, due to mishandling of the CHMOD command. The connected documents confirm the vendor release of 15.2.1 as a fix (per Serv-U 15-2-1 release notes). Impact (as stated): The CVSS metrics in the reference indicate hi...
CVE-2020-14004
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...
CVE-2020-14004
CVE-2020-14004 affects Icinga2 prior to 2.12.0-rc1. The prepare-dirs script used by icinga2/systemd runs chmod 2750 on /run/icinga2/cmd, which is under an unprivileged user by default. If /run/icinga2/cmd is a symlink, an unprivileged icinga2 user can follow it and change arbitrary files to mode ...
CVE-2016-7097
It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in ...