209 matches found
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...
php imap_open Remote Code Execution
The imapopen function within php, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imapopen to execute arbitrary commands. While many custom...
Git < 2.7.5 - Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
PT-2021-5495 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in processing input data in the ssh client of the salt-api in SaltStack Salt. This can allow a remote attacker to execute arbitrary commands with elevated...
Security update for dropbear (critical)
This update for dropbear fixes four security issues bnc990363: - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host...
openSUSE Security Update : dropbear (openSUSE-2016-912)
This update for dropbear fixes four security issues bnc990363 : - A format string injection vulnerability allowed remotes attacker to run arbitrary code as root if specific usernames including '%' symbols could be created on the target system. If a dbclient user can control usernames or host...
Mageia: Security Advisory (MGASA-2016-0022)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2016-0022 Updated openssh packages fix security vulnerabilities
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client CVE-2016-0777. A buffer overflow flaw...