
4728 matches found

Tenable Nessus
added 2020/12/22 12:0 a.m. · 35 views

Virtuozzo 6 : sudo / sudo-devel (VZLSA-2019-3755)

An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9 · AI score 7.2 · EPSS 0.63917
Exploits 10 · References 3

CNVD
added 2020/12/17 12:0 a.m. · 2 views

SolarWinds N-Central Access Control Error Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVSS 9 · AI score 7.3 · EPSS 0.02647
Exploits 0 · References 1

NVD
added 2020/12/16 2:15 p.m. · 14 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 9 · AI score 8.8 · EPSS 0.02647
Exploits 0 · References 3

OSV
added 2020/12/16 2:15 p.m. · 4 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 8.8 · AI score 7.4 · EPSS 0.02647
Exploits 0 · References 3

Prion
added 2020/12/16 2:15 p.m. · 13 views

Design/Logic Flaw

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 9 · AI score 8.8 · EPSS 0.02647
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2020/12/16 1:56 p.m. · 23 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

AI score 8.9 · EPSS 0.02647
Exploits 0 · References 3

CNNVD
added 2020/12/16 12:0 a.m. · 6 views

SolarWinds N-Central Operating System Command Injection Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVSS 9 · AI score 7.4 · EPSS 0.02647
Exploits 0 · References 4

Tenable Nessus
added 2020/12/09 12:0 a.m. · 22 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Vulnerability (NS-SA-2020-0096)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is ...

CVSS 7.8 · AI score 7.6 · EPSS 0.19426
Exploits 13 · References 2

OSV
added 2020/11/27 5:15 p.m. · 2 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

CVSS 9.8 · AI score 7.3 · EPSS 0.01499
Exploits 0 · References 1

Cvelist
added 2020/11/27 4:21 p.m. · 25 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

AI score 9.5 · EPSS 0.01499
Exploits 0 · References 1

CNNVD
added 2020/11/27 12:0 a.m. · 7 views

B&R Automation APROL Command Injection Vulnerability

B&R Automation APROL is a Linux-based process control system for industrial control applications from B&R Automation Australia. A command injection vulnerability exists in B&R Industrial Automation APROL versions prior to R4.2 V7.08, which can be exploited to execute with root privileges by...

CVSS 10 · AI score 7.5 · EPSS 0.01499
Exploits 0 · References 2

Positive Technologies
added 2020/11/27 12:0 a.m. · 6 views

PT-2020-6889 · Systemd +8

Name of the Vulnerable Software and Affected Versions: systemd versions prior to 247 Description: The issue is related to inadequate blocking of local privilege escalation for some Sudo configurations, specifically when the "systemctl status" command may be executed. This is due to systemd not...

CVSS 7.8 · AI score 7.2 · EPSS 0.01561
Exploits 8 · References 98

Exploit DB
added 2020/11/24 12:0 a.m. · 925 views

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 9.8 · EPSS 0.89849
Exploits 11

Packet Storm
added 2020/11/24 12:0 a.m. · 1218 views

ZeroShell 3.9.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 0.3 · EPSS 0.89849
Exploits 11

0day.today
added 2020/11/24 12:0 a.m. · 216 views

ZeroShell 3.9.0 - (cgi-bin/kerbynet) Remote Root Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 9.6 · EPSS 0.89849
Exploits 11

NVD
added 2020/11/23 2:15 p.m. · 24 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.8 · AI score 7.7 · EPSS 0.00524
Exploits 1 · References 3

OSV
added 2020/11/23 2:15 p.m. · 18 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.8 · AI score 7 · EPSS 0.00524
Exploits 1 · References 3

Prion
added 2020/11/23 2:15 p.m. · 21 views

Design/Logic Flaw

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVSS 7.2 · AI score 7.6 · EPSS 0.00524
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2020/11/23 1:46 p.m. · 28 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

AI score 7.7 · EPSS 0.00524
Exploits 1 · References 3

CVE
added 2020/11/23 1:46 p.m. · 43 views

CVE-2020-27985

Security Onion v2 prior to 2.3.10 contains a misconfigured sudo setup that allows the administrative user to obtain root access without a password by editing and executing /home//SecurityOnion/setup/so-setup. The issue is a local privilege escalation affecting deployments based on the affected 2....

CVSS 7.8 · AI score 7.6 · EPSS 0.00524
Exploits 1 · References 3 · Affected Software 1