EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1662)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

CVE-2020-12850

Affected product: Pydio Cells Enterprise OVF 2.0.4 (and related 2.0.x releases). The Red Hat/ENISA and CoreLabs advisories describe a set of vulnerabilities in the Pydio Cells 2.0.4 appliance that enable remote code execution, privilege escalation, and arbitrary file operations through multiple v...

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

MGASA-2020-0246 Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

Impost3r - A Linux Password Thief

Impost3r is a tool that aim to steal many kinds of linux passwordsincluding ssh,su,sudo written by C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...

QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution

CVE-2020-13448 QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability. Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details:...

QuickBox Pro 2.1.8 Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

CVE-2020-13695

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...

CVE-2020-13695

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...

Default credentials

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...

CVE-2020-13695

CVE-2020-13695 affects QuickBox Community Edition up to 2.5.5 and QuickBox Pro up to 2.1.8. The local www-data user has passwordless sudo privileges to run grep as root, enabling an attacker to read sensitive files such as /root/*.db and /etc/shadow. This results in potential exposure of confiden...

CVE-2020-13695

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...

CVE-2020-13694

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...

Design/Logic Flaw

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...

CVE-2020-13694

Technical details for CVE-2020-13694 are not provided in the connected documents; the available sources lack affected product/version/impact specifics beyond the initial description. Monitor for updates.

CVE-2020-13694

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...