Unspecified Vulnerability in QuickBox
QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with media servers. A security vulnerability exists in QuickBox Community Edition 2.5.5 a...
QuickBox Pro 2.1.8 Remote Code Execution
Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...
QuickBox Remote Code Execution Vulnerability
QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with media servers. A remote code execution vulnerability exists in QuickBox Community...
QuickBox OS Command Injection Vulnerability
QuickBox is a media server application and service management system from the QuickBox team. The system supports the installation and management of applications using dashboards that enable users to interact with media servers. An operating system command injection vulnerability exists in QuickBo...
CVE-2020-13695
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...
CVE-2020-13695
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...
Default credentials
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...
CVE-2020-13695
CVE-2020-13695 affects QuickBox Community Edition up to 2.5.5 and QuickBox Pro up to 2.1.8. The local www-data user has passwordless sudo privileges to run grep as root, enabling an attacker to read sensitive files such as /root/*.db and /etc/shadow. This results in potential exposure of confiden...
CVE-2020-13448
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter...
CVE-2020-13694
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...
CVE-2020-13448
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter...
CVE-2020-13694
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...
Command injection
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter...
Design/Logic Flaw
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...
CVE-2020-13694
Technical details for CVE-2020-13694 are not provided in the connected documents; the available sources lack affected product/version/impact specifics beyond the initial description. Monitor for updates.
CVE-2020-13694
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...
CVE-2020-13448
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter...
CVE-2020-13448
CVE-2020-13448 affects QuickBox Community Edition up to 2.5.5 and Pro Edition up to 2.1.8. An authenticated attacker can exploit a command-injection vulnerability in the servicestart parameter to achieve remote code execution (as www-data). Public CVSS: high (3.1/8.8) with network access and low ...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...