28 matches found
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
SUSE CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: inter-server-sync: - version 0.2.2 Parameter --channel-with-children didn't export data bsc1199089 Clean rhnchannelcloned table to rebuild hierarchy bsc1197400 - Version 0.2.1 Correct sequence in use for table rhnpackagekeybsc1197400 Make Docker image expor...
GHSA-QR38-H96J-2J3W SaltStack Salt Command Injection in netapi ssh client
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
Authentication Bypass
salt is vulnerable to authentication bypass. The salt-netapi improperly validates eauth credentials and tokens, allowing an attacker to bypass authentication and invoke Salt SSH...
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
Default configuration
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
CVE-2020-5148
SonicWall SSO-agent vulnerability CVE-2020-5148 occurs when NetAPI is used as the client probing method. NetAPI probing can allow an attacker to capture the privileged user’s password hash via NetWkstaUserEnum and may force the SSO-Agent to authenticate, potentially bypassing firewall access cont...
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass
SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypa...
FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)
SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2020-8028 salt-api is accessible to every user on SUSE Manager Server
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system...
FreeBSD : salt -- salt-api vulnerability (8c98e643-6008-11ea-af63-38d547003487)
SaltStack reports : With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the rawshell option is specified any arbitrary command may be run on the Salt master when specifying SSH options. C...
[ASA-202001-7] salt: arbitrary command execution
Arch Linux Security Advisory ASA-202001-7 ========================================= Severity: Medium Date : 2020-01-29 CVE-ID : CVE-2019-17361 Package : salt Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1087 Summary ======= The package salt before...
Remote Code Execution
salt is vulnerable to remote code execution. A remote attacker is able to obtain unauthenticated access to the application when the NetAPI is enabled with an SSH roster defined. Subsequently, the rawshell parameter used when calling the Salt SSH client via API allows a remote attacker to execute...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Tintin Tintin\+\+
PoC exploit for CVE-2008-0671. The target product/service is Windows SMB Server Message Block service. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the NetAPI function in the Windows SMB service. Notable dependencies/tooling include Impacket and PyCrypt...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is used to exploit a vulnerability in the Windows SMB service, specifically the MS08-067 NetAPI vulnerability. The module is designed to run on the Metasploit Framework and can be used to test the...