Lexmark Printers Improper Restriction of Excessive Authentication Attempts (CVE-2023-22960)
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
TencentOS Server 3: nodejs (TSSA-2022:0014)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-22960
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency...
CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...
Alibaba Cloud Linux 3 : 0014: nodejs:14 (ALINUX3-SA-2022:0014)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0014 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28469: This affects the package...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog), potentially revealing sensitive session-related information such as session IDs (sessid) and...
Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...
CVE-2024-7237
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...
CVE-2024-7237 AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...
CentOS 9 : nodejs-16.16.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...
Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
Rocky Linux 8 : nodejs:16 (RLSA-2021:5171)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5171 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
BELL-CVE-2021-22960 CVE-2021-22960 does not affect BellSoft software
Bulletin has no description...
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain: a new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. The first is CVE-2022-22956, which is an authentication bypass, and the second is a JDBC injection in...
VMware Workspace ONE Access CVE-2022-22960
This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. Module Options msf use...
VMware Workspace ONE Access Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. This module requires...
VMware Workspace ONE Access Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...
CVE-2023-22960
creationtimestamp| type| source
---|---|---
2023-01-24 00:25:16+00:00| seen| https://t.me/cibsecurity/56877
2023-01-24 15:02:07+00:00| published-proof-of-concept| https://t.me/proxybar/1326
2023-01-25 07:46:03+00:00| published-proof-of-concept| https://t.me/crackcodes/2421
2023-01-25...