17 matches found
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
CVE-2025-60892
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user...
EUVD-2017-18018
Malware in sbrugna...
MAL-2025-630 Malicious code in telegramclient-utils (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2807323f53c2562dc15aa9f4a559ede7c0e9dee713d30a637a4cf8f2c13f2640 Any computer that has this package installed or...
CVE-2023-49224
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges...
Precor Touchscreen Console Security Vulnerability
Precor touchscreen console P62 and Precor touchscreen console P82 are both touchscreen consoles from Precor USA. A security vulnerability exists in the Precor Touchscreen Console that stems from the inclusion of a default SSH public key in the authorized_keys file, which can be used by a remote...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...
SUSE CVE-2011-3870
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file...
Denial Of Service (DoS)
tnef is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer over-read in strdup, through which an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment...
Input validation
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certa...
Directory traversal
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...
CVE-2019-18849
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Remote Code Execution
#!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage:...
CVE-2015-0936
Ceragon FibeAir IP-10 devices have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2017-9079
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed...
CVE-2016-5333
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
F5 Big-IP - rsync Access
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listening on the ConfigSync...