12 matches found
EUVD-2013-3637
Malware in sbrugna...
EUVD-2023-29930
Malicious code in bioql PyPI...
CVE-2013-3704
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...
USN-7330-1 ansible vulnerabilities
It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. CVE-2015-3908 Martin Carpenter discovered...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from improper acces...
Linux: SSH LogLevel
INFO level is the basic level that only records login activity of SSH users. In many situations, such as Incident Response, it is important to determine when a particular user was active on a system. The logout record can eliminate those users who disconnected, which helps narrow the field. VERBO...
CVE-2016-8614
CVE-2016-8614 affects Ansible before version 2.2.0, where the apt_key module does not properly verify key fingerprints. This allows a remote attacker to create an OpenPGP key that matches a short key ID and inject it in place of the legitimate key. The vulnerability is described consistently acro...
DSA-3281-1 Debian Security Team PGP/GPG key change notice
This is a notice that the Debian Security Team has changed its PGP/GPG contact key because of a periodic regular key rollover. The new key's fingerprint is: 0D59 D2B1 5144 766A 14D2 41C6 6BAF 400B 05C3 E651 The creation date is 2015-01-18 and it has been signed by the previous Security Team conta...
Hardcoded credentials
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...
Nmap NSE 6.01: ssh-hostkey
Shows SSH hostkeys. Shows the target SSH server's key fingerprint and with high enough verbosity level the public key itself. It records the discovered host keys in 'nmap.registry' for use by other scripts. Output can be controlled with the 'sshhostkey' script argument. The script also includes a...
ssh-hostkey NSE Script
Shows SSH hostkeys. Shows the target SSH server's key fingerprint and with high enough verbosity level the public key itself. It records the discovered host keys in nmap.registry for use by other scripts. Output can be controlled with the sshhostkey script argument. You may also compare the...
HTC Touch vCard over IP Denial of Service PoC Code
Hello, PoC code for testing the MSL-2008-002 vulnerability HTC Touch vCard over IP Denial of Service is now available at: http://poc.mseclab.com/pocs/MSL-2008-002-PoC.py The code provide means for demonstrating the HTC Touch vCard over IP DoS by sending vCards to port UDP/9204 of the target IP...