16 matches found
EUVD-2021-28247
Malicious code in bioql PyPI...
EUVD-2023-3065
Malicious code in bioql PyPI...
EUVD-2023-3008
Malicious code in bioql PyPI...
EUVD-2021-28246
Malicious code in bioql PyPI...
EUVD-2022-6071
Malicious code in bioql PyPI...
CVE-2022-29186
CVE-2022-29186 affects Rundeck Docker images (community and enterprise) versions 4.0 and earlier, where a pre-generated id_rsa.pub SSH keypair was included in the image. If this public key was copied to authorized_keys on a remote host, anyone with the corresponding private key could access those...
CVE-2021-41112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
CVE-2021-41111
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...
CVE-2021-41112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
CVE-2021-41111
Vulnerability: In Rundeck, prior to versions 3.4.5 and 3.3.15, an authenticated user with permission to read webhooks in one project can craft a request to reveal webhook definitions and tokens in another project, enabling potential triggering of webhooks. Affected: Rundeck web UI/API from the ci...
Rundeck code issue vulnerability
Rundeck is an open source automation service with a Web console, command line tools, and WebAPI from Rundeck USA, which is primarily used to run automation tasks. A code issue vulnerability exists in Rundeck Enterprise Edition, which stems from the fact that an authenticated user can issue a POST...
Cross site request forgery (csrf)
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...
OSAS Traverse Extension 11 - (travextensionhostsvc) Unquoted Service Path Vulnerability
Exploit Title: OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path Exploit Auth: Tech Johnny Vendor Homepage: https://www.osas.com Version: 11 x86 Tested on: Windows 2012R2 Details: C:\Windows\system32>wmic service get name, pathname, displayname, startmode | findstr /i "Auto...
CVE-2017-6711
A vulnerability in the Ultra Automation Service UAS of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the...
Rockwell Automation Service Detection (deprecated)
Binary data 6469.prm...
Rockwell Automation Service Detection
Binary data 6470.prm...