32 matches found
EUVD-2018-13379
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-20839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or usi...
HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management SOM FileDownloadServlet Arbitrary Download', 'Description' = %q This module exploits a lack of authentication and acces...
Dell Peripheral Manager < 1.7.6 Multiple Vulnerabilities (DSA-2024-242)
The version of the Dell Peripheral Manager running on the remote host is prior to 1.7.6. It is, therefore, affected by multiple vulnerabilities according to advisory DSA-2024-242. - Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-242-01)
The version of mozilla-firefox installed on the remote host is prior to 115.2.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-242-01 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led...
Amazon Linux 2022 : maven-shared-utils (ALAS2022-2022-242)
The version of maven-shared-utils installed on the remote host is prior to 3.3.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-242 advisory. - In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings...
AzeoTech DAQFactory
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Use of Inherently Dangerous Function, Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information, Modification of Assumed-Immutable Data (MAID) 2. RISK...
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2020-1037)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.5.0 : xorg-x11-server (EulerOS-SA-2020-1062)
According to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows...
EulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2020-1037)
According to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as...
Code injection
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242)...
CVE-2018-20839
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled...
CVE-2018-20839
The CVE-2018-20839 entry concerns systemd 242, where a mishandled KDGKBMODE (current keyboard mode) check causes VT1 mode changes on logout. This can allow an attacker with physical access (watching shutdown or switching TTYs via Ctrl-Alt-F1/F2) to read cleartext passwords in certain scenarios. T...
Systemd Trust Management Issues Vulnerabilities
systemd is a Linux-based system and service manager from the German software developer Lennart Poettering. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A trust management issue vulnerability exists in...
PT-2019-10270 · Systemd +1
Name of the Vulnerable Software and Affected Versions: systemd version 242 Description: The issue allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode)...
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...
Fortinet FortiOS <= 5.4 / 5.6.x < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Web Portal login redir XSS (FG-IR-17-242)
The version of Fortinet FortiOS running on the remote host is prior or equal to 5.4, 5.6.x prior to 5.6.8, or 6.0.x prior to 6.0.5. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the SSL VPN web portal due to a failure to sanitize the login redir parameter. An...