410 matches found

CVE
added 2020/07/17 8:16 p.m., 60 views

CVE-2020-5756

Summary: CVE-2020-5756 affects Grandstream GWN7000, with firmware version 1.0.9.4 and older. An authenticated remote user can modify the system crontab via an undocumented API, enabling execution of arbitrary OS commands on the router. This vulnerability is described across multiple sources (NVD,...

CVSS: 9, AI score: 8.8, EPSS: 0.02473
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/07/17 8:16 p.m., 14 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

AI score: 8.9, EPSS: 0.02473
Exploits: 1, References: 1
Packet Storm
added 2020/04/21 12:00 a.m., 210 views

QRadar Community Edition 7.3.1.6 Insecure File Permissions

Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions. Yorick Koster, September 2019...

CVSS: 4.6, AI score: 8, EPSS: 0.00492
Exploits: 3
Veracode
added 2020/04/10 12:15 a.m., 14 views

Denial of Service (DoS)

The vixie-cron package is vulnerable to Denial of Service (DoS). A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs...

CVSS: 2.1, AI score: 2.8, EPSS: 0.00383
Exploits: 0, References: 19, Affected Software: 1
NVD
added 2020/04/06 4:15 p.m., 24 views

CVE-2019-19699

There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

CVSS: 9, AI score: 7.5, EPSS: 0.27485
Exploits: 2, References: 5
Cvelist
added 2020/04/06 3:30 p.m., 24 views

CVE-2019-19699

There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

AI score: 7.6, EPSS: 0.27485
Exploits: 2, References: 5
Apple
added 2020/01/28 12:00 a.m., 79 views

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. About Apple security updates F...

CVSS: 10, AI score: 9.6, EPSS: 0.9947
Exploits: 69, References: 1, Affected Software: 3
OpenVAS
added 2020/01/24 12:00 a.m., 4 views

Linux: Permissions on /etc/cron.allow

The cron.allow file controls administrative access to the crontab command for scheduling and modifying cron jobs. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

AI score: 7.5
Exploits: 0, References: 2
GithubExploit
added 2020/01/21 3:20 p.m., 5 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Indicator of Compromise Scanner for CVE-2019-19781 This repos...

CVSS: 9.8, AI score: 7.1, EPSS: 0.99999
Exploits: 48
Kitploit
added 2019/12/04 11:39 a.m., 125 views

LinuxCheck - Linux Information Collection Script

A small Linux information collection script, mainly used for emergency response. It can be used under Debian or CentOS. Features: CPU TOP10, memory TOP10; CPU usage; boot time; hard disk space information; user information, passwd information; environment variable detection; service list; System...

AI score: 6.9
Exploits: 0, References: 6
Exploit DB
added 2019/11/21 12:00 a.m., 391 views

GNU Mailutils 3.7 - Privilege Escalation

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation; Date: 2019-11-06; Exploit Author: Mike Gualtieri; Vendor Homepage: https://mailutils.org/; Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz; Version: 2.0 = 3.7; Tested on: Gentoo; CVE: CVE-2019-18862; Title : GNU Mailuti...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01135
Exploits: 5
0day.today
added 2019/11/13 12:00 a.m., 402 views

Xorg X11 Server Local Privilege Escalation Exploit

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users nee...

CVSS: 7.2, AI score: 0.2, EPSS: 0.2704
Exploits: 39
CNVD
added 2019/08/06 12:00 a.m., 3 views

cPanel Information Disclosure Vulnerability (CNVD-2019-26346)

cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions prior to cPanel 64.0.21. An attacker can exploit the vulnerability to...

CVSS: 5.3, AI score: 6.1, EPSS: 0.0087
Exploits: 0, References: 1
OSV
added 2019/08/02 5:15 p.m., 2 views

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0087
Exploits: 0, References: 2
NVD
added 2019/08/02 5:15 p.m., 16 views

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

CVSS: 5.3, AI score: 5.2, EPSS: 0.0087
Exploits: 0, References: 2
Prion
added 2019/08/02 5:15 p.m., 17 views

Design/Logic Flaw

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

CVSS: 5, AI score: 5.2, EPSS: 0.0087
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2019/08/02 4:25 p.m., 45 views

CVE-2017-18451

CVE-2017-18451 affects cPanel prior to version 64.0.21. The vulnerability allows an attacker to read a user’s crontab file for a short window during a cPAddon upgrade (SEC-257). This information disclosure is confirmed by multiple connected documents from cPanel/Red Hat/CNVD/CVE records. Impact ...

CVSS: 5.3, AI score: 5.2, EPSS: 0.0087
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/08/02 4:25 p.m., 19 views

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

AI score: 5.2, EPSS: 0.0087
Exploits: 0, References: 1
OSV
added 2019/08/02 2:15 p.m., 1 views

CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00686
Exploits: 0, References: 2
NVD
added 2019/08/02 2:15 p.m., 17 views

CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)...

CVSS: 4.3, AI score: 4.2, EPSS: 0.00686
Exploits: 0, References: 2