CVE-2025-35058

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...

NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2024-0061)

The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a vulnerability: - A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if ...

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

Remote code execution

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

OpenSSH -- remote code execution via a forwarded agent socket

OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...

MAL-2022-2556 Malicious code in doffy-publish-to-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63ff9399fd399c33450fa80a7c978494e9dec87a1492ebf753a1d8dcf2e731c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-21348

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVE-2019-5648

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware = v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be us...

Code injection

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware = v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be us...

CVE-2019-5648 LDAP Credential Exposure in Barracuda Load Balancer ADC

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware = v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be us...

D-Link DIR615h OS Command Injection Vulnerability

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload...

Linksys E1500/E2500 Remote Command Execution

Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command. A ping command against a controlled syste...