100 matches found
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
R1 Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 06/15/2022 - 12:36 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...
CVE-2022-29810
A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover...
Information Disclosure
github.com/hashicorp/go-getter is vulnerable to information disclosure. The vulnerability exists in the RedactURL function of url.go, allowing an attacker to read or write SSH credentials through the log file...
GHSA-27RQ-4943-QCWP Insertion of Sensitive Information into Log File in Hashicorp go-getter
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...
Insertion of Sensitive Information into Log File in Hashicorp go-getter
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...
Exposure of SSH credentials in Rancher/Fleet
Impact This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...
PT-2022-19843 · Hashicorp · Go-Getter
Name of the Vulnerable Software and Affected Versions: Hashicorp go-getter library versions prior to 1.5.11 Description: The issue concerns the Hashicorp go-getter library, where SSH credentials could be written into its logfile. This exposes sensitive credentials to local users who have the...
CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
UBUNTU-CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
Gitlab -- multiple vulnerabilities
Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potentially misleading to users Environment variables can be leaked via the sendmail delivery method...
Airangel Hsmx Gateway Credential Disclosure Vulnerability
Airangel Hsmx Gateway is a platform from Airangel UK. Used to manage authentication and billing in the network, a credential disclosure vulnerability exists in versions prior to Airangel Hsmx Gateway 5.2.04, which stems from the presence of weak SSH credentials in Airangel HSMX Gateway devices. A...
CVE-2021-40520
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials...
CVE-2021-40520
Airangel HSMX Gateway devices up to version 5.2.04 are affected by a credential disclosure vulnerability due to weak SSH credentials. Exploitation could allow an attacker to obtain SSH credentials and take control of the device. Publicly provided details confirm affected product/version and impac...
Cisco 7937G - DoS/Privilege Escalation Exploit
Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...
Cisco 7937G All-In-One Exploiter Exploit
This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...
GoDaddy Hack Breaches Hosting Account Credentials
UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...