362 matches found
Making Expect scripts for SSH Authentication and Privilege Elevation
Expect can help you automate interactive console applications. For example, an Expect script can connect to a Linux host via SSH with password authentication, perform additional authentication steps (su, sudo) to elevate privileges, and execute some commands. Like Vulnerability and Compliance...
Design/Logic Flaw
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password...
CVE-2017-10935
The CVE-2017-10935 vulnerability affects ZTE ZXR10 1800-2S with ZSRV2 firmware versions prior to V3.00.40. A remote authenticated attacker can bypass the original password authentication and change another user’s password, enabling account compromise. The risk is mitigated by upgrading to ZSRV2 V...
DEBIAN-CVE-2015-5314
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...
Ubuntu 14.04 LTS / 16.04 LTS : libvirt vulnerabilities (USN-3576-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3576-1 advisory. Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set ...
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
global _start _start: ; sock = socket(AF_INET, SOCK_STREAM, 0) ; AF_INET = 2 ; SOCK_STREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; copy socket descriptor to rdi for future use xchg rdi,rax ; server.sin_family = AF_INET ; server.sin_port = htons(PORT) ;...
CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port. Mitigation This issue can be mitigated by configuri...
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes). Shellcode exploit for Linux_x86-64 platform global _start _start: ; sock = socket(AF_INET, SOCK_STREAM, 0) ; AF_INET = 2 ; SOCK_STREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; cop...
go-ldap ldap trust management vulnerability
go-ldap ldap is a GO language based LDAP server. A trust management vulnerability exists in go-ldap ldap version 2.5.0 and earlier. A remote attacker can exploit this vulnerability by logging into the server with the help of a null password...
SUSE-SU-2017:2356-1 Security update for postgresql96
This update for postgresql96 fixes the following issues: CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)...
Security update for postgresql93 (important)
Postgresql93 was updated to 9.3.18 to fix the following issues: CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)...
SUSE-SU-2017:2236-1 Security update for postgresql93
Postgresql93 was updated to 9.3.18 to fix the following issues: CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684)...
openssh: Denial of service via very long passwords
It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords...
ssh-run NSE Script
Runs remote command on ssh server and returns command output. Script Arguments ssh-run.username Username to authenticate as ssh-run.cmd Command to run on remote server ssh-run.password Password to use if using password authentication ssh-run.privatekey Privatekeyfile to use if using publickey...
Redis Server Unprotected by Password Authentication
The Redis server running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Weblate: Insecure Account Removal #2
Hi Team, This report is pretty much the same as my closed report here: 223355, the difference is BUG2, when a user created an account BUT did not supply the password, therefore there is nothing to reauthenticate when deleting the account, it will successfully delete the account without supplying...
[SECURITY] Fedora 25 Update: curl-7.51.0-6.fc25
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2016-9361
CVE-2016-9361 affects multiple Moxa NPort devices (e.g., NPort 5110, 5130/5150, 5200, 5400, 5600 series, and various NPort 5x50/NPort IA5450A lines) where administration passwords can be retried without authentication. The issue is triggered via the Moxa UDP protocol on port 4800; responses discl...
Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability
The Cisco Identity Services Engine Active Directory Integration Component is an Active Directory integration component for the Cisco Identity Services Engine. The Cisco Identity Services Engine Active Directory Integration Component fails to properly process PAP authentication requests, allowing...
[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...