
5 vulnerabilities by secudos

CVE-2023-40361 (GCVE-0-2023-40361)

Vulnerability from cvelistv5 – Published: 2023-10-20 00:00 – Updated: 2024-09-12 17:52
Summary
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.
Severity
No CVSS data available.
SSVC
Exploitation: poc; Automatable: no; Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:31:53.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40361",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T17:52:29.342890Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:52:56.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T05:50:20.171Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-40361",
    "datePublished": "2023-10-20T00:00:00.000Z",
    "dateReserved": "2023-08-14T00:00:00.000Z",
    "dateUpdated": "2024-09-12T17:52:56.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14294 (GCVE-0-2020-14294)

Vulnerability from cvelistv5 – Published: 2020-10-02 08:15 – Updated: 2024-08-04 12:39
Summary
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qiata.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/patrickhener/CVE-2020-14294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Sep/50"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-02T08:15:34.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qiata.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/patrickhener/CVE-2020-14294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Sep/50"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt"
            },
            {
              "name": "https://www.qiata.com",
              "refsource": "MISC",
              "url": "https://www.qiata.com"
            },
            {
              "name": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata",
              "refsource": "MISC",
              "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
            },
            {
              "name": "https://github.com/patrickhener/CVE-2020-14294",
              "refsource": "MISC",
              "url": "https://github.com/patrickhener/CVE-2020-14294"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2020/Sep/50",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2020/Sep/50"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14294",
    "datePublished": "2020-10-02T08:15:34.000Z",
    "dateReserved": "2020-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:36.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14293 (GCVE-0-2020-14293)

Vulnerability from cvelistv5 – Published: 2020-10-02 08:14 – Updated: 2024-08-04 12:39
Summary
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secudos.de/en/news-en/domos-release-5-9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/patrickhener/CVE-2020-14293"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Sep/51"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-02T08:14:49.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secudos.de/en/news-en/domos-release-5-9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/patrickhener/CVE-2020-14293"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Sep/51"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt"
            },
            {
              "name": "https://www.secudos.de/en/news-en/domos-release-5-9",
              "refsource": "MISC",
              "url": "https://www.secudos.de/en/news-en/domos-release-5-9"
            },
            {
              "name": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata",
              "refsource": "MISC",
              "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
            },
            {
              "name": "https://github.com/patrickhener/CVE-2020-14293",
              "refsource": "MISC",
              "url": "https://github.com/patrickhener/CVE-2020-14293"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2020/Sep/51",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2020/Sep/51"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14293",
    "datePublished": "2020-10-02T08:14:49.000Z",
    "dateReserved": "2020-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:36.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18664 (GCVE-0-2019-18664)

Vulnerability from cvelistv5 – Published: 2019-11-02 14:28 – Updated: 2024-08-05 01:54
Summary
The Log module in SECUDOS DOMOS before 5.6 allows XSS.
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://atomic111.github.io/article/secudos-domos-reflected-xss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Log module in SECUDOS DOMOS before 5.6 allows XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-04T15:01:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://atomic111.github.io/article/secudos-domos-reflected-xss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Log module in SECUDOS DOMOS before 5.6 allows XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6",
              "refsource": "MISC",
              "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
            },
            {
              "name": "https://atomic111.github.io/article/secudos-domos-reflected-xss",
              "refsource": "MISC",
              "url": "https://atomic111.github.io/article/secudos-domos-reflected-xss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18664",
    "datePublished": "2019-11-02T14:28:21.000Z",
    "dateReserved": "2019-11-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:54:14.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18665 (GCVE-0-2019-18665)

Vulnerability from cvelistv5 – Published: 2019-11-02 14:28 – Updated: 2024-08-05 01:54
Summary
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://atomic111.github.io/article/secudos-domos-directory_traversal"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-04T15:04:33.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://atomic111.github.io/article/secudos-domos-directory_traversal"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6",
              "refsource": "MISC",
              "url": "https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6"
            },
            {
              "name": "https://atomic111.github.io/article/secudos-domos-directory_traversal",
              "refsource": "MISC",
              "url": "https://atomic111.github.io/article/secudos-domos-directory_traversal"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18665",
    "datePublished": "2019-11-02T14:28:11.000Z",
    "dateReserved": "2019-11-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:54:14.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}