192 matches found
Chaosblade 安全漏洞
Chaosblade is an open source experimental injection tool from ChaosBlade Open Source. A security vulnerability exists in Chaosblade versions 0.3 through 1.7.3, which stems from allowing the execution of operating system commands via the cmd parameter without authentication when using server mode...
CVE-2023-47105
Chaosblade (github.com/chaosblade-io/chaosblade) versions 0.3–1.7.3 are vulnerable when running in server mode: unauthenticated command execution is possible via the cmd parameter in exec.CommandContext. The flaw allows remote command execution against the Chaosblade HTTP service with server mode...
CVE-2023-47105
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...
PT-2024-13406 · Unknown · Chaosblade
Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3 Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. This is related to the exec.CommandContext in Chaosblade. Recommendations: For...
CVE-2023-47105
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...
OESA-2024-1840 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
F5 Networks BIG-IP : NTP vulnerability (K44305703)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K44305703 advisory. The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated...
Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products
Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
PT-2023-27376 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Carlos Canto contributed to this article. Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download. Much of what went into this release was about expanding capabilities and improving workflows. We’ll now explore some of the interesting new features i...
The vulnerability of the Server mode setting in the pgAdmin 4 database management tool allows a hacker to alter the settings of another user or the database itself.
The vulnerability of the Server mode of the pgAdmin 4 database management tool is related to shortcomings in the name restriction of the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to alter the settings of another user or the database...
SUSE CVE-2003-0962
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...
SUSE CVE-2006-6899
hidd in BlueZ bluez-utils before 2.25 allows remote attackers to obtain control of the 1 Mouse and 2 Keyboard Human Interface Device HID via a certain configuration of two HID PSM endpoints, operating as a server, aka HidAttack...
SUSE CVE-2020-11868
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be don...
Design/Logic Flaw
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...