Lucene search
K

97 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/05/19 6:44 p.m.50 views

Metasploit Weekly Wrap-Up

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...

5.8CVSS8.6AI score0.84697EPSS
Exploits6
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.27 views

Tenable Nessus < 10.3.2 Multiple Vulnerabilities (TNS-2022-23)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

7.5CVSS8.2AI score0.92488EPSS
Exploits3References1
Kitploit
Kitploit
added 2022/06/10 12:30 p.m.52 views

PacketStreamer - Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...

7.4AI score
Exploits0References10
Microsoft CVE
Microsoft CVE
added 2022/01/19 8:0 a.m.4 views

Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

...

5.9CVSS7.5AI score0.01105EPSS
Exploits1
CNNVD
CNNVD
added 2021/11/24 12:0 a.m.8 views

Bitdefender Endpoint Security Tool 代码问题漏洞

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in Bitdefender Endpoint Security Tools, which stems from the lack of a valid check for server-side request forgery in the EPPUpdateService component of...

7.5CVSS7.4AI score0.0128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/09/06 12:0 a.m.19 views

Debian DLA-2755-1 : btrbk - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2755 advisory. An issue has been found in btrbk, a backup tool for btrfs subvolumes. Due to mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys an...

9.8CVSS8.9AI score0.03155EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2021/08/07 7:15 p.m.28 views

CVE-2021-38173

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...

9.8CVSS7.4AI score0.03155EPSS
Exploits0References3
Prion
Prion
added 2021/08/07 7:15 p.m.22 views

Command injection

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...

7.5CVSS9.6AI score0.03155EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/18 9:7 p.m.96 views

Podman Origin Validation Error

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman versions from 1.8.0...

5.9CVSS6.1AI score0.01105EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/02/02 7:15 p.m.3 views

DEBIAN-CVE-2021-20199

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...

5.9CVSS7.1AI score0.01105EPSS
Exploits1References1
Prion
Prion
added 2021/02/02 7:15 p.m.26 views

Authentication flaw

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...

4.3CVSS5.8AI score0.01105EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/10/02 12:0 a.m.30 views

RHEL 7 : Red Hat Virtualization (RHSA-2020:4114)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4114 advisory. ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation. The openvswitc...

6.7CVSS7.4AI score0.00378EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2020/05/07 12:0 a.m.8 views

Linux: SSH GatewayPorts

GatewayPorts: Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2020/03/17 12:0 a.m.4 views

Nagios NRPE Insufficient Filtering Vulnerability

Nagios NRPE is an extension of Nagios to execute plug-in programs on remote Linux/Unix hosts. An insufficient filtering vulnerability exists in Nagios NRPE 3.2.1. The vulnerability stems from nastymetachars interpreting n as a character and the character n instead of the n newline sequence. An...

7.3CVSS7.8AI score0.01612EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/12/22 12:0 a.m.107 views

FreeSWITCH 1.10.1 Command Execution

Exploit Title: FreeSWITCH 1.10.1 - Command Execution Date: 2019-12-19 Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on: Windows 10 x64 FreeSWITCH listens on...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/12/20 12:0 a.m.42 views

FreeSWITCH 1.10.1 - Command Execution

FreeSWITCH 1.10.1 - Command Execution Exploit Title: FreeSWITCH 1.10.1 - Command Execution Date: 2019-12-19 Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on:...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2019/10/27 12:30 p.m.156 views

AutoSploit v4.0 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

7.9AI score
Exploits0References13
Kitploit
Kitploit
added 2018/08/06 4:48 p.m.25 views

AutoSploit v2.2 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

7.9AI score
Exploits0References16
RedHat Linux
RedHat Linux
added 2017/03/14 3:41 p.m.6 views

Ansible: Compromised remote hosts can lead to running commands on the Ansible controller

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...

9.3CVSS7.7AI score0.1765EPSS
Exploits5References4
NVD
NVD
added 2017/02/13 6:59 p.m.24 views

CVE-2016-2787

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors...

5.3CVSS5.3AI score0.00596EPSS
Exploits0References1
Rows per page
Query Builder