120 matches found
iTerm2 Security Vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 versions prior to 3.5.0beta12 that stems from not cleaning up ssh hostnames in URLs...
CVE-2023-46300
CVE-2023-46300 affects iTerm2 on macOS, with remote code execution possible due to mishandling of certain escape sequences related to tmux integration in versions prior to 3.4.20. The Nessus and Red Hat/NVD records corroborate a RCE class flaw tied to escape sequence handling. Confirmed affected ...
iTerm2 Security Vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 versions prior to 3.4.20 that stems from improper handling of certain escape sequences and allows remote code execution...
CVE-2023-46300
iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration...
CVE-2023-46301
iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
CVE-2022-45872
iTerm2 before 3.4.18 mishandles a DECRQSS response...
CVE-2022-45872
iTerm2 before 3.4.18 mishandles a DECRQSS response...
CVE-2022-45872
CVE-2022-45872 affects iTerm2 prior to 3.4.18, where a DECRQSS response is mishandled. The issue concerns iTerm2 (macOS) with the vulnerability stemming from the mishandling in the DECRQSS parsing, and is described with CVSS v3.1 base metrics of 9.8 (CRITICAL) impacting confidentiality, integrity...
CVE-2022-45872
iTerm2 before 3.4.18 mishandles a DECRQSS response...
iTerm2 安全漏洞
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 version 3.4.18 that stems from incorrectly handling DECRQSS responses...
PT-2022-27662 · Iterm2 · Iterm2
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.4.18 Description: The issue is related to the mishandling of a DECRQSS response. Recommendations: For versions prior to 3.4.18, update to version 3.4.18 or later to resolve the issue...
CVE-2022-45872
iTerm2 before 3.4.18 mishandles a DECRQSS response...
Mac Users Targeted by Trojanized iTerm2 App
We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine...
New Mac malware masquerades as iTerm2, Remote Desktop and other apps
Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi @CodeColorist on Twitter, and detailed on a Chinese-language blog. For those who dont spea...
Online Marriage Registration System 1.0 Remote Code Execution
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...
openSUSE: Security Advisory for tmux (openSUSE-SU-2020:1834-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
iTerm2 Information Disclosure Vulnerability (CNVD-2020-41520)
iTerm2 is a GPL-licensed terminal emulator for macOS. An information disclosure vulnerability exists in iTerm2 3.3.6 and earlier versions, which can be exploited by a remote attacker to obtain sensitive information by searching for the NoSyncSearchHistory string in a .plist file in a public Git...
CVE-2019-19022
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Gi...