785 matches found
CVE-2020-7221
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product,...
CVE-2020-7221
Removed by vendor...
Linux: /etc/issue.net chmod
/etc/issue.net is a text file which contains a message or system identification to be printed before the login prompt for users who connect from the network. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later
CVE-2012-2087
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...
Input validation
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...
Linux: SSH /etc/ssh/sshd_config chown
The /etc/ssh/sshd_config file contains configuration specifications for sshd. This should be protected from unauthorized changes by non-privileged users. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later
cPanel Authorization Issues Vulnerability (CNVD-2019-36140)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions of cPanel prior to 11.54.0.4. The vulnerability stems from a lack of...
cPanel Security Feature Issue Vulnerability (CNVD-2019-36151)
cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security signature issue vulnerability exists in cPanel versions prior to 70.0.23. An attacker can exploit this vulnerability t...
CVE-2016-10771
CVE-2016-10771 affects cPanel before 60.0.25, allowing file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). The issue resides in the ModSecurity audit logfile processing path, enabling unauthorized changes to filesystem state. Multiple connected sources cor...
CVE-2017-18450
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255)...
Code injection
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255)...
CVE-2017-18450
CVE-2017-18450 affects cPanel prior to 64.0.21 and is associated with file-chmod operations via the script /scripts/convert_roundcube_mysql2sqlite (SEC-255). The vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists) as allowing certain file permission changes and has CVSS ...
CVE-2016-10846
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79)...
CVE-2016-10849
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)...
Code injection
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)...
CVE-2016-10846
CVE-2016-10846 affects cPanel prior to 11.54.0.4, enabling arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). The issue is rooted in the Roundcube database conversion process and allows limited privileges to perform file ownership and permission changes...
CVE-2016-10849
CVE-2016-10849 affects cPanel before 11.54.0.4, where file-chmod operations in scripts/secureit (SEC-82) can be abused. Connected documents confirm the affected product/version and the specific component (scripts/secureit) with an integrity impact (I:H in CVSS3) and a network vector with low atta...