1614 matches found
CVE-2023-44187
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. Th...
Exploit for CVE-2023-38646
CVE-2023-38646-exploit "This vulnerability, designated as CVE-...
Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...
CVE-2023-43631
On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
Hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
FortiTester Trust Management Issues Vulnerabilities
FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a hard-coded credentials vulnerability that could allow an attacker who successfully obtai...
CVE-2023-37249
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access...
Design/Logic Flaw
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access...
PT-2023-25854 · Infoblox · Infoblox Nios
Name of the Vulnerable Software and Affected Versions: Infoblox NIOS versions through 8.5.1 Description: The issue is related to a faulty component that accepts malicious input without proper sanitization, resulting in shell access. Recommendations: For Infoblox NIOS versions through 8.5.1,...
CVE-2023-37249
CVE-2023-37249 affects Infoblox NIOS up to version 8.5.1. A faulty component accepts malicious input without sanitization, resulting in shell access. The NVD entry records a CVSS v3.1 base score of 8.8 (Network, Low effort, Privileges Required: Low, User Interaction: None; Impact: Confidentiality...
Infoblox NIOS Security Vulnerability
Infoblox NIOS is an operating system that powers Infoblox core network services. It ensures uninterrupted operation of the network infrastructure. A security vulnerability exists in Infoblox NIOS version 8.5.1 and prior versions, which originates from accepting malicious input without sanitization,...
Minimal `basti` IAM Policy Allows Shell Access
Summary The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details basti connect is designed to "securely connect to your...
GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access
Summary The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details basti connect is designed to "securely connect to your...
PT-2023-33051 · Unknown · Basti Connect
Name of the Vulnerable Software and Affected Versions: Basti connect affected versions not specified Description: The Minimal IAM Policy for basti connect lacks the ssm:SessionDocumentAccessCheck condition, allowing users to obtain a shell session on the bastion, beyond the intended access for po...