145 matches found
CVE-2019-16305
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...
EUVD-2019-17222
Malware in sbrugna...
EUVD-2015-7175
Malware in sbrugna...
EUVD-2019-7097
Malware in sbrugna...
EUVD-2017-6829
Malware in sbrugna...
EUVD-2019-4943
Malware in sbrugna...
EUVD-2021-15501
Malware in sbrugna...
EUVD-2022-40926
Malicious code in bioql PyPI...
EUVD-2025-4873
Malicious code in bioql PyPI...
EUVD-2022-40927
Malicious code in bioql PyPI...
CVE-2024-48200
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd conhost.exe...
CVE-2019-13475
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute...
CVE-2017-15376
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23...
CVE-2025-0714
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
CVE-2025-0714
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
CVE-2025-0714
The CVE-2025-0714 issue affects Mobatek MobaXterm versions prior to 25.0. It describes insecure password storage where an IV of zero bytes and a derivative master key are used for each stored password, causing AES-CTR (CFB) ciphertext to depend only on the plaintext and making data at rest easier...
CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
Mobatek MobaXterm 安全漏洞
Mobatek MobaXterm is a suite of terminal software from Mobatek France that integrates an enhanced terminal, an X server, and a Unix command set GNU/Cygwin. A security vulnerability exists in Mobatek MobaXterm versions prior to 25.0, which stems from the way the password storage IV is generated an...
PT-2025-6799 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 25.0 Description: The issue exists in the password storage of MobaXterm, where it uses an initialization vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the defaul...