40 matches found
EUVD-2020-5917
Malware in sbrugna...
EUVD-2020-5918
Malware in sbrugna...
EUVD-2021-32061
Malicious code in bioql PyPI...
EUVD-2021-31779
Malicious code in bioql PyPI...
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
CVE-2020-13695
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
Cross site scripting
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user-supplied input for the value of this parameter is not properly sanitized...
CVE-2021-45281
CVE-2021-45281 affects QuickBox Pro v2.4.8. The vulnerability is a cross-site scripting (XSS) flaw in the administrative input path, specifically when passing data to the parameter adminuseredit.php?usertoedit=... where user-supplied input is not properly sanitized. The available documents descr...
QuickBox cross-site scripting vulnerability
QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with the media server. A cross-site scripting vulnerability exists in QuickBox P...
QuickBox code injection vulnerability
QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec and fails to properly clean up...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
Remote code execution
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2021-44981
CVE-2021-44981 affects QuickBox Pro v2.5.8 and earlier. The config.php variable accepts a GET parameter and is parsed into shell_exec(''); without proper sanitization, enabling remote code execution. The media server runs as root by default, allowing an attacker to use sudo within that shell_exec...
QuickBox operating system command injection vulnerability
QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec and fails to properly clean up...
QuickBox Remote Code Execution (CVE-2020-13448)
A remote code execution vulnerability exists in QuickBox media server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution
CVE-2020-13448 QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability. Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details:...