
25 matches found

Snyk
added 2026/04/08 10:13 p.m., 0 views

Untrusted Search Path

Overview: Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...

7.3 CVSS, 6.3 AI score, 0.00011 EPSS
Exploits: 1, References: 2
Github Security Blog
added 2026/04/08 7:22 p.m., 4 views

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary: The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause: sdk/resource/hostid.go line 42: if result, err :=...

7.3 CVSS, 6 AI score, 0.00014 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/04/08 7:22 p.m., 1 views

GHSA-HFVC-G4FC-PQHX opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary: The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause: sdk/resource/hostid.go line 42: if result, err :=...

7.3 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 1, References: 4
UbuntuCve
added 2026/02/02 11:16 p.m., 1 views

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7 CVSS, 7.2 AI score, 0.00014 EPSS
Exploits: 0, References: 3
Citrix
added 2025/05/12 12:0 a.m., 6 views

Host ID shows the same on the all the MPX 9100

Host ID shows the same on the all the MPX 9100...

7.1 AI score
Exploits: 0
GithubExploit
added 2024/08/13 2:51 p.m., 329 views

Exploit for CVE-2024-22120

Usage bash python exploit.py --ip --sid --hostid --phps...

9.1 CVSS, 9.6 AI score, 0.91949 EPSS
Exploits: 5
Positive Technologies
added 2024/04/09 12:0 a.m., 2 views

PT-2024-18649 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to and including 4.4.5 Description: The issue allows authenticated attackers with subscriber access or higher to expose sensitive information, including usernames, emails, and IDs ...

4.3 CVSS, 9.4 AI score, 0.00243 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/04/09 12:0 a.m., 1 views

WordPress Plugin Video Conferencing with Zoom security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS, 8.4 AI score, 0.00243 EPSS
Exploits: 0, References: 3
Citrix
added 2023/04/10 12:0 a.m., 2 views

ADM Service not showing Host ID

When customer goes into ADM Service portal and navigates to Pooled Licensing section, the Host ID is not populated and shows a blank value...

7 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 5:35 a.m., 2 views

SUSE CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php...

4.3 CVSS, 8.1 AI score, 0.00329 EPSS
Exploits: 1, References: 5
NCSC
added 2022/12/08 12:0 a.m., 1 views

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...

9.8 CVSS, 7.8 AI score, 0.94469 EPSS
Exploits: 48
ATTACKERKB
added 2022/07/27 9:15 p.m., 3 views

CVE-2022-36956

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...

9 CVSS, 6.1 AI score, 0.00357 EPSS
Exploits: 0, References: 2
OSV
added 2022/07/27 9:15 p.m., 0 views

CVE-2022-36956

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...

7.5 CVSS, 6 AI score
Exploits: 0, References: 1
CNNVD
added 2022/07/27 12:0 a.m., 2 views

Veritas NetBackup security vulnerability

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environment data such as metadata and virtual environments. A security vulnerability...

9 CVSS, 7.5 AI score, 0.00357 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2022/07/27 12:0 a.m., 2 views

PT-2022-23703 · Veritas · Netbackup

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 9.0.0.1 through 9.1.0.1 Description: The issue allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. Recommendations: For...

9 CVSS, 7.7 AI score, 0.00357 EPSS
Exploits: 0, References: 3
Citrix
added 2020/01/14 12:0 a.m., 5 views

Types of NetScaler and NetScaler Gateway Licenses

This article describes the types of licenses available for NetScaler and NetScaler Gateway appliances. NetScaler licenses are assigned to physical MPX and virtual VPX appliances. Logical SDX appliances require licenses for each physical appliance and each virtual instance. Refer to NetScaler...

6.6 AI score
Exploits: 0
Citrix
added 2020/01/02 12:0 a.m., 4 views

How to find Hostnames and Host ID to allocate / Modify licenses

To find Hostname / Host ID Mac Address to allocate / Modify License...

7.1 AI score
Exploits: 0
Citrix
added 2019/12/27 12:0 a.m., 5 views

Licensing Error: "Inconsistent Server Host ID"

When importing a license file in the XenApp 6.0 License Administration Console, the following error occurs: Inconsistent server host ID in C:\Program Files (x86)\Citrix\Licensing\MyFiles\licensexxxxxxx.lic...

7.1 AI score
Exploits: 0
OSV
added 2019/10/08 1:15 p.m., 0 views

CVE-2018-21022

makeXMLListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the hostid parameter...

8.8 CVSS, 5.8 AI score, 0.00251 EPSS
Exploits: 0, References: 3
OSV
added 2019/10/08 1:15 p.m., 1 views

CVE-2018-21021

imggantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the hostid parameter...

8.8 CVSS, 5.8 AI score, 0.00251 EPSS
Exploits: 0, References: 3