Lucene search
K

13 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:10 a.m.15 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/27 9:35 p.m.15 views

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.8 views

PT-2025-39985

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments affected versions not specified Description The Vasion Print Virtual Appliance Host and Application contains an undocumented user, printerlogic, with...

10CVSS6.4AI score0.00697EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.6 views

PT-2024-13699 · Precor · Precor Touchscreen Console

Name of the Vulnerable Software and Affected Versions: Precor touchscreen console versions P62, P80, and P82 Description: The issue concerns a default SSH public key in the authorized keys file, which could be exploited by a remote attacker to gain root privileges. Recommendations: For Precor...

8CVSS7.5AI score0.0028EPSS
Exploits0References7
OSV
OSV
added 2023/10/10 11:15 a.m.4 views

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

7.8CVSS5.7AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/09/21 2:15 p.m.10 views

CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

8.8CVSS5.8AI score0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/01/22 12:0 a.m.5 views

PT-2022-3945 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...

10CVSS9.6AI score0.70947EPSS
Exploits2References11
Cvelist
Cvelist
added 2020/01/23 2:27 p.m.26 views

CVE-2020-7931

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorizedkeys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certa...

8.9AI score0.0549EPSS
Exploits2References2
OSV
OSV
added 2019/11/11 4:15 a.m.1 views

DEBIAN-CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...

5.5CVSS6.3AI score0.01203EPSS
Exploits1References1
Microsoft KB
Microsoft KB
added 2019/03/12 7:0 a.m.33 views

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM

None None...

5.1CVSS6AI score0.01403EPSS
Exploits0
Snyk
Snyk
added 2018/04/04 1:2 p.m.3 views

Arbitrary File Write

Amendment This was deemed not a vulnerability. Overview org.apache.hive:hive-common is a reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol FTP client...

4.3CVSS6.8AI score0.0178EPSS
Exploits0References2
Metasploit
Metasploit
added 2016/06/20 2:40 a.m.61 views

SSH Key Persistence

This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'SSH Key Persistence',...

0.4AI score
Exploits0
OpenVAS
OpenVAS
added 2012/10/19 12:0 a.m.10 views

Fedora Update for gitolite3 FEDORA-2012-15731

Check for the Version of gitolite3 OpenVAS Vulnerability Test Fedora Update for gitolite3 FEDORA-2012-15731 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

7.4AI score
Exploits0References2
Rows per page
Query Builder