homelab-security
Cybersecurity Home Lab A personal home lab built for hands-on...
Terraform / OpenTofu Provider for Proxmox VE Security Vulnerability
Terraform/OpenTofu Provider for Proxmox VE is software developed by Pavel Boldyrev. Versions of Terraform/OpenTofu Provider for Proxmox VE prior to 0.93.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure sudoer lines in the SSH configuration files, which could lea...
EUVD-2014-4087
Malware in sbrugna...
EUVD-2025-27408
Malicious code in bioql PyPI...
Fixing Restore Failures Due to QEMU Machine Version
Challenge When attempting to restore a VM with a QEMU version lower than 10 and disks in QCOW2 format to a Proxmox VE v9 node, the following error occurs: 16.09.2025 10:25:28 Error Linux-8.0 : Failed to reach the hypervisor. Error output: storage for 'local-LVM:vm-42-disk-1.qcow2' is configured...
CVE-2025-57539
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially...
CVE-2025-57540
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page,...
PT-2025-36794
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4. Description: A stored cross-site scripting (XSS) issue exists in the WebAuthn Relying Party field within the Datacenter configuration. Authenticated users can inject JavaScript code that is later executed...
CVE-2014-4156
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability...
Build Numbers and Versions of Veeam Plug-in for Proxmox VE
This KB article lists all versions of the Veeam Plug-in for Proxmox VE and their respective worker build numbers. Version | Plug-in Build | Worker Build | Release Date ---|---|---|--- Veeam Plug-in for Proxmox VE 3 Releases Veeam Plug-in for Proxmox VE 3.2 included with Veeam Backup & Replication...
"Failed to convert [Not Settable] to UUID."
Challenge Veeam Backup & Replication task interacting with Proxmox VE host fails with: Failed to convert Not Settable to UUID Cause This occurs when the Proxmox VE host has an empty bios UUID, or the reported bios UUID value is unparsable. Solution 1. Remove workers if any from the Veeam Backup &...
Proxmox VE 7.4-1 TOTP Brute Force
Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...
Proxmox VE - TOTP Brute Force Exploit
Exploit Title: Proxmox VE TOTP Brute Force Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.parse import json...
Proxmox VE - TOTP Brute Force
Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...
Design/Logic Flaw
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability...
CVE-2014-4156
Proxmox VE prior to 3.2 has a User Enumeration vulnerability in AccessControl.pm. The issue is described across sources (NVD, RH, CVE registries) as a vulnerability affecting Proxmox VE before version 3.2, named “AccessControl.pm User Enumeration Vulnerability.” Public references note a moderate...
Proxmox VE 3 / 4 XSS / Privilege Escalation / Code Execution
===================================================================== Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit, XSS, Privileges escalation ===================================================================== Description =========== Proxmox is a popular virtualization solutio...