
142 matches found

CNNVD
added 2020/12/15 12:0 a.m. | 3 views

D-Link Security Vulnerability

The D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering. A command injection vulnerability exists in the D-Link DSR-250 3.17. The vulnerability stems from insufficient validation of configuration file checksums. An attacker can use this vulnerability to inject...

CVSS 9 | AI score 7.5 | EPSS 0.00268
Exploits 0 | References 4

OpenVAS
added 2020/11/26 12:0 a.m. | 19 views

Linux: Get crontab and /etc/cron.* scripts

Crontab is the program used to install, remove or list the tables used to drive the cron(8) daemon. Each user can have their own crontab, and though these are files in /var/spool/, they are not intended to be edited directly. Under SELinux in MLS mode there can be even more crontabs, one for each range. Many ...

AI score 7.4
Exploits 0 | References 2

Exploit DB
added 2020/10/16 12:0 a.m. | 583 views

aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

CVSS 9 | AI score 7.1 | EPSS 0.09449
Exploits 5

Apple
added 2020/09/08 3:54 a.m. | 161 views

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 10 | AI score 1.1 | EPSS 0.94053
Exploits 69 | Affected Software 3

Prion
added 2020/07/17 9:15 p.m. | 16 views

Design/Logic Flaw

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

CVSS 9 | AI score 8.8 | EPSS 0.01302
Exploits 1 | References 2 | Affected Software 1

CVE
added 2020/07/17 8:16 p.m. | 60 views

CVE-2020-5756

Summary: CVE-2020-5756 affects Grandstream GWN7000, with firmware version 1.0.9.4 and older. An authenticated remote user can modify the system crontab via an undocumented API, enabling execution of arbitrary OS commands on the router. This vulnerability is described across multiple sources (NVD,...

CVSS 9 | AI score 8.8 | EPSS 0.01302
Exploits 1 | References 2 | Affected Software 1

Packet Storm
added 2020/04/21 12:0 a.m. | 210 views

QRadar Community Edition 7.3.1.6 Insecure File Permissions

Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions. Yorick Koster, September 2019...

CVSS 4.6 | AI score 8 | EPSS 0.00146
Exploits 3

Apple
added 2020/01/28 12:0 a.m. | 79 views

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. About Apple security updates F...

CVSS 10 | AI score 9.6 | EPSS 0.94053
Exploits 69 | References 1 | Affected Software 3

OpenVAS
added 2020/01/24 12:0 a.m. | 4 views

Linux: Permissions on /etc/cron.allow

The cron.allow file controls administrative access to the crontab command for scheduling and modifying cron jobs. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

AI score 7.5
Exploits 0 | References 2

Kitploit
added 2019/12/04 11:39 a.m. | 125 views

LinuxCheck - Linux Information Collection Script

A small Linux information collection script, mainly used for emergency response. It can be used under Debian or CentOS. Features: CPU TOP10, memory TOP10; CPU usage; boot time; hard disk space information; user information, passwd information; environmental variable detection; service list; System...

AI score 6.9
Exploits 0 | References 6

Exploit DB
added 2019/11/21 12:0 a.m. | 391 views

GNU Mailutils 3.7 - Privilege Escalation

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

CVSS 7.8 | AI score 7.8 | EPSS 0.0055
Exploits 5

NVD
added 2019/08/02 5:15 p.m. | 16 views

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

CVSS 5.3 | AI score 5.2 | EPSS 0.00237
Exploits 0 | References 2

Cvelist
added 2019/08/02 4:25 p.m. | 18 views

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257)...

AI score 5.2 | EPSS 0.00237
Exploits 0 | References 1

CVE
added 2019/08/02 4:25 p.m. | 44 views

CVE-2017-18451

CVE-2017-18451 affects cPanel prior to version 64.0.21. The vulnerability allows an attacker to read a user’s crontab file for a short window during a cPAddon upgrade (SEC-257). This information disclosure is confirmed by multiple connected documents from cPanel/Red Hat/CNVD/CVE records. Impact ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00237
Exploits 0 | References 2 | Affected Software 1

OSV
added 2019/08/01 5:15 p.m. | 0 views

CVE-2018-20940

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342)...

CVSS 3.3 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 2

NVD
added 2019/08/01 5:15 p.m. | 25 views

CVE-2018-20940

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342)...

CVSS 3.3 | AI score 3.9 | EPSS 0.00033
Exploits 0 | References 2

CVE
added 2019/08/01 4:11 p.m. | 60 views

CVE-2018-20942

CVE-2018-20942 affects cPanel before 68.0.27. It enables a local attacker to read root's crontab during a short interval while configuring crontab (SEC-351). The CNVD entry describes the root cause as improper handling of concurrent access to shared resources during crontab operation, indicating ...

CVSS 2.5 | AI score 4 | EPSS 0.00066
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/08/01 4:9 p.m. | 43 views

CVE-2018-20940

CVE-2018-20940 affects cPanel prior to 68.0.27. The (local) vulnerability allows an attacker to read the root user’s crontab file for a brief window when backups are enabled. Exploitation details are not provided in the connected documents, and there is no explicit remediation or patch informatio...

CVSS 3.3 | AI score 4.1 | EPSS 0.00033
Exploits 0 | References 2 | Affected Software 1

NVD
added 2019/08/01 3:15 p.m. | 18 views

CVE-2018-20902

cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408)...

CVSS 5.5 | AI score 5.4 | EPSS 0.00082
Exploits 0 | References 1

Cvelist
added 2019/08/01 2:21 p.m. | 19 views

CVE-2018-20902

cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408)...

AI score 5.5 | EPSS 0.00082
Exploits 0 | References 1