Secudos: Security Vulnerabilities
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-20
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
CVSS Score
7.5
EPSS Score
0.317
Published
2020-10-02
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-10-02
The Log module in SECUDOS DOMOS before 5.6 allows XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-11-02
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
CVSS Score
7.5
EPSS Score
0.572
Published
2019-11-02