Lucene search
K

54 matches found

seebug.org
seebug.org
added 2016/03/16 12:0 a.m.1025 views

OpenSSH <=7.2p1 xauth injection

来源链接: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 VuNote Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview Name: openssh...

5.5CVSS8.1AI score0.37016EPSS
Exploits13
Packet Storm
Packet Storm
added 2016/03/15 12:0 a.m.1772 views

Dropbear SSHD xauth Command Injection / Bypass

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt Johnston References: https://matt.ucc.asn.au/dropbear/dropbear.ht...

5.5CVSS0.7AI score0.37016EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2016/03/15 12:0 a.m.116 views

FreeBSD : dropbear -- authorized_keys command= bypass (8eb78cdc-e9ec-11e5-85be-14dae9d210b8)

Matt Johnson reports : Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques...

6.4CVSS6.3AI score0.19302EPSS
Exploits4References3
0day.today
0day.today
added 2016/03/03 12:0 a.m.399 views

DropBearSSHD 2015.71 - Command Injection

Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...

5.5CVSS6.7AI score0.37016EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.40 views

Debian DLA-97-1 : eglibc security update

CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character '0xffff' is specified, then iconv segfaults. CVE-2014-6040 Crashes on invalid input in IBM gconv modules BZ 17325 These changes...

5CVSS8.3AI score0.06564EPSS
Exploits2References5
OSV
OSV
added 2014/11/26 5:29 p.m.11 views

MGASA-2014-0496 Updated glibc packages fix CVE-2014-7817

The function wordexp fails to properly handle the WRDENOCMD flag when processing arithmetic inputs in the form of "$... " where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDENOCMD forbade command substitution. This allows an attack...

4.6CVSS7.5AI score0.00578EPSS
Exploits0References3
OSV
OSV
added 2014/07/29 12:0 a.m.10 views

UBUNTU-CVE-2014-0475

Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other locale environment variable...

6.8CVSS7.3AI score0.02694EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2013/11/28 12:0 a.m.20 views

rssh: Access restriction bypass

Background rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. Description Multiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE...

4.4CVSS6.9AI score0.00388EPSS
Exploits1
CVE
CVE
added 2012/05/18 6:0 p.m.108 views

CVE-2012-2337

CVE-2012-2337 concerns sudo and affects multiple releases where netmask-based IPv4 configurations bypass restricted commands. Documented in various advisories: sudo versions 1.6.x and 1.7.x prior to 1.7.9p1, and 1.8.x prior to 1.8.4p5 are vulnerable when netmask syntax is used. Impact is local: a...

7.2CVSS7.3AI score0.00399EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/10/06 12:0 a.m.36 views

Apache < 2.2.14 Multiple Vulnerabilities

Binary data 5196.prm...

7.5CVSS7.9AI score0.14173EPSS
Exploits4References4
Exploit DB
Exploit DB
added 2004/08/08 12:0 a.m.57 views

PHP 4.3.7 - &#039;php-exec-dir&#039; Patch Command Access Restriction Bypass

milw0rm.com 2004-08-08...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2003/01/30 7:28 p.m.40 views

Low: Red Hat Security Advisory: sendmail security update

The sendmail packages shipped with Red Hat Linux Advanced Server have a security bug if sendmail is configured to use smrsh. This security errata release fixes the problem. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 SMRSH the SendMail Restricted SHell is a /bin/sh...

4.6CVSS6AI score0.01099EPSS
Exploits2References3
NVD
NVD
added 2002/12/31 5:0 a.m.12 views

CVE-2002-1978

IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command...

7.5CVSS6.9AI score0.02007EPSS
Exploits0References5
OSV
OSV
added 2002/10/11 4:0 a.m.4 views

DEBIAN-CVE-2002-1165

Sendmail Consortium's Restricted Shell SMRSH in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after 1 "||" sequences or 2 "/" characters, which are not properly...

4.6CVSS7.2AI score0.01099EPSS
Exploits2References1
Rows per page
Query Builder