63 matches found
EUVD-2012-6568
Malware in sbrugna...
EUVD-2014-9816
Malware in sbrugna...
CVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2014-125123
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
CVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2012-10022 Kloxo <= 6.1.12 Local Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2012-10022 Kloxo <= 6.1.12 Local Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2012-10022
CVE-2012-10022 affects Kloxo 6.1.12 and earlier. It involves two setuid root binaries, lxsuexec and lxrestart; lxsuexec performs a uid check and allows execution of commands as root when the invoking user has uid 48, enabling local privilege escalation from a user with Apache-level access without...
Kloxo Security Vulnerability
Kloxo is an open source hosting platform from LxCenter. A security vulnerability exists in Kloxo versions 6.1.12 and earlier, which stems from a local elevation of privilege issue in the lxsuexec and lxrestart binaries that could lead to the execution of arbitrary commands...
PT-2025-31681 · Kloxo · Kloxo
Name of the Vulnerable Software and Affected Versions: Kloxo versions 6.1.12 and earlier Description: Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits...
CVE-2014-125123
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
CVE-2014-125123
CVE-2014-125123 affects the Kloxo web hosting control panel (LXCenter) prior to version 6.1.12. An unauthenticated SQL injection in the login-name parameter (lbin/webcommand.php) can leak the administrator password from the backend, enabling an attacker to authenticate and use the Command Center ...
CVE-2014-125123 Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
CVE-2014-125123 Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
Kloxo Security Vulnerability
Kloxo is an open source hosting platform from LxCenter. A security vulnerability exists in Kloxo versions prior to 6.1.12 that stems from an unvalidated login-name parameter, which could lead to SQL injection and remote command execution...
VulnCheck KEV: CVE-2014-125123
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
PT-2025-31543 · Undefined · Undefined
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
Kloxo-6.1.6---Local-Privilege
Date: August 2012 or so Exploit Author: HTP Vendor Homepage: http://lxcenter.org/ Software Link: download link if available Version: 6.1.6 Latest LXLABS=cat /etc/passwd | grep lxlabs | cut -d: -f3 export MUID=$LXLABS export GID=$LXLABS export TARGET=/bin/sh export CHECKGID=0 export NONRESIDENT=1...
Kloxo 6.1.6 Local Privilege Escalation Vulnerability
No description provided by source...