18 matches found
EUVD-2026-18817
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CVE-2026-3184
Affects util-linux, specifically the login(1) utility when invoked with -h. The root cause is improper hostname canonicalization, which can modify the supplied remote hostname before setting PAM_RHOST. This weakness can bypass host-based PAM access control rules that rely on fully qualified domai...
CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
Jupyter Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/jupyter' class MetasploitModule 'Jupyter Login Utility', 'Description' = %...
Varnish Cache CLI Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/varnish' require 'metasploit/framework/tcp/client' class MetasploitModule...
SUSE CVE-2008-1926
Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...
Octopus Deploy Login Utility
This module simply attempts to login to an Octopus Deploy server using a specific username and password. It has been confirmed to work on version 3.4.4 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
GitLab Login Utility
This module attempts to login to a GitLab instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
MySQL Login Utility
This module simply queries the MySQL instance for a specific user/pass default is root with blank. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
Buffalo NAS Login Utility
This module simply attempts to login to a Buffalo NAS instance using a specific username and password. It has been confirmed to work on version 1.68 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
HP System Management Homepage Login Utility
This module attempts to login to HP System Management Homepage using host operating system authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/smh' require...
Tomcat Application Manager Login Utility
This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
D-Link DIR-615H HTTP Login Utility
This module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models. This module requires Metasploit: https://metasploit.com/download Current...
Nessus XMLRPC Interface Login Utility
This module simply attempts to login to a Nessus XMLRPC interface using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nessus XMLRPC Interface Login Utility', 'Descriptio...
util-linux: audit log injection via login
Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...
Multiple OS /bin/login Remote Overflow
The remote implementation of the /bin/login utility, used when authenticating a user via telnet or rsh contains an overflow which allows an attacker to gain a shell on this host, without even sending a shell code. An attacker may use this flaw to log in as any user except root on the remote host....
login_patch.txt
diff -ur ./util-linux-2.9o/lib/pathnames.h ./util-linux-2.9o-mp/lib/pathnames.h --- ./util-linux-2.9o/lib/pathnames.h Sun Oct 11 14:19:16 1998 +++ ./util-linux-2.9o-mp/lib/pathnames.h Wed Jul 14 22:51:13 1999 @@ -86,6 +86,7 @@ define PATHSECURE "/etc/securesingle" define PATHUSERTTY "/etc/usertty...