27 matches found
EUVD-2008-1300
Malware in sbrugna...
CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
ejinshan Security Breach
ejinshan is a terminal security management system of China Falcon Security ejinshan company for localized environment, which can fully manage linux system. A security vulnerability exists in ejinshan v8+, which allows an attacker to upload arbitrary files to any location on the server...
SUSE CVE-2008-1293
ldm in Linux Terminal Server Project LTSP 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 aka display :6...
PartyLoud - A Simple Tool To Generate Fake Web Browsing And Mitigate Tracking
PartyLoud is a highly configurable and straightforward free tool that helps you prevent tracking directly from your linux terminal, no special skills required. Once started, you can forget it is running. It provides several flags; each flag lets you customize your experience and change PartyLoud...
LTSP LDM Elevation of Privilege Vulnerability
LTSP is a well-known Linux Terminal Server Project program that adds thin client support to Linux servers. An elevation of privilege vulnerability exists in LTSP LDM, which can be exploited by an attacker with certain privileges to gain privileges by performing a symbolic link attack on files wit...
Debian: Security Advisory (DLA-2064-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2064-1] ldm security update
Package : ldm Version : 2:2.2.15-2+deb8u1 CVE ID : CVE-2019-20373 Debian Bug : 948538 It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation. For...
Debian DSA-4601-1 : ldm - security update
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
UBUNTU-CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...
Hackertarget - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...
Enumdb - MySQL and MSSQL Brute Force And Post Exploitation Tool To Search Through Databases And Extract Sensitive Information
Enumdb is brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By default enumdb will use newly found, or given, credentials to search the database and find tables...
Vulnerabilities in the Debian GNU/Linux operating system that allow a malicious individual to compromise the confidentiality and integrity of protected information
The ltsp-server-standalone package for the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of privacy and the integrity of protected information. These vulnerabilities can be exploited by malicious individuals...
[SECURITY] Fedora 21 Update: xrdp-0.6.1-11.fc21
The goal of this project is to provide a fully functional Linux terminal server, capable of accepting connections from rdesktop and Microsoft's own terminal server / remote desktop clients...
Gentoo Security Advisory GLSA 200805-07 (ltsp)
The remote host is missing updates announced in advisory GLSA 200805-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200805-07 : Linux Terminal Server Project: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200805-07 Linux Terminal Server Project: Multiple vulnerabilities LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA...
Linux Terminal Server Project: Multiple vulnerabilities
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server GLSA 200705-06, GLSA 200710-16, GLSA 200801-09, libpng GLSA 200705-24, GLSA 200711-08, Freetype GL...
Debian DSA-1561-1 : ldm - programming error
Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host. NOTE: most ldm installs are likely to be in a chroot environment exported over NFS...
CVE-2008-1293
ldm in Linux Terminal Server Project LTSP 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 aka display :6...