887 matches found
Fedora: Security Advisory for et (FEDORA-2024-bd9e67c117)
The remote host is missing an update for the...
CVE-2024-31486
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss...
PT-2024-3750 · Unknown · Opupi0 Amqp/Mqtt
Name of the Vulnerable Software and Affected Versions: OPUPI0 AMQP/MQTT versions prior to V5.30. Description: A vulnerability has been identified that allows an attacker with remote shell access or physical access to retrieve credentials due to insufficient protection of stored MQTT client...
ROS-20240503-18
A vulnerability in the Apache Maven framework is related to the generation of double-quoted strings without proper escaping. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a shell-based attack.
[SECURITY] Fedora 40 Update: et-6.2.8-1.fc40
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...
[SECURITY] Fedora 38 Update: et-6.2.8-1.fc38
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...
[SECURITY] Fedora 39 Update: et-6.2.8-1.fc39
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution o...
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in...
BMC Software Compuware iStrobe Web Security Vulnerability
BMC Software Compuware iStrobe Web is a product from BMC Software designed for use on workstations in conjunction with the Strobe MVS Application Performance Measurement System. A security vulnerability exists in BMC Software Compuware iStrobe Web version 20.13 that stems from a remote shell uplo...
Easywall 0.3.1 - Authenticated Remote Command Execution
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...
PT-2024-1666 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router
Name of the Vulnerable Software and Affected Versions: Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591. Description: A post-authentication command injection vulnerability exists in the PPTP client functionality. A specially crafted HTTP request can lead to arbitrary...
BlueNoroff Unleashes New macOS Malware ObjCShellz
Summary: A new macOS malware variant linked to the financially motivated BlueNoroff APT group, named "ObjCShellz," featuring remote shell capabilities and suspicious domain communication. The malware, written in...
InterPhoto 2.3.0 Shell Upload
Title: InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Cisco Expressway Series / Cisco TelePresence VCS < 14.3.1 Command Injection (cisco-sa-expressway-injection-X475EbTQ)
The Cisco Expressway Series or Cisco TelePresence Video Communication Server (VCS) running on the remote host is prior to 14.3.1. It is, therefore, affected by a command injection vulnerability as described in the cisco-sa-expressway-injection-X475EbTQ advisory. This vulnerability is due to...
GNU Inetutils Elevation of Privilege Vulnerability
GNU Inetutils is a collection of network tools from the GNU Project that contains common network management programs such as traceroute, hostname, ifconfig, and others. The toolset is mainly used for functions such as network diagnostics, configuration and system information query. An elevation o...
CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
UBUNTU-CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
Moxa AWK-3131A Series Industrial AP/Bridge/Client Improper Access Control (CVE-2019-5162)
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...