Lucene search
+L

145 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.15 views

CVE-2019-16305

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command executio...

8.8CVSS7.4AI score0.06743EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-17222

Malware in sbrugna...

9.8CVSS9.5AI score0.03214EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-7175

Malware in sbrugna...

7.5CVSS6.4AI score0.05049EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-7097

Malware in sbrugna...

8.8CVSS8.6AI score0.06743EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-6829

Malware in sbrugna...

10CVSS9.1AI score0.03804EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-4943

Malware in sbrugna...

8.8CVSS8.8AI score0.0411EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-15501

Malware in sbrugna...

7.5CVSS7.5AI score0.01427EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-40926

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00829EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4873

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0016EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-40927

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00729EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.9 views

CVE-2024-48200

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd conhost.exe...

8.4CVSS7.8AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 a.m.13 views

CVE-2019-13475

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute...

8.8CVSS8AI score0.0411EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 a.m.15 views

CVE-2017-15376

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23...

10CVSS7.9AI score0.03804EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/02/19 12:23 p.m.11 views

CVE-2025-0714

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

6.5CVSS6.3AI score0.0016EPSS
Exploits0References3
NVD
NVD
added 2025/02/17 12:15 p.m.18 views

CVE-2025-0714

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

6.5CVSS0.0016EPSS
Exploits0References1
CVE
CVE
added 2025/02/17 11:56 a.m.141 views

CVE-2025-0714

The CVE-2025-0714 issue affects Mobatek MobaXterm versions prior to 25.0. It describes insecure password storage where an IV of zero bytes and a derivative master key are used for each stored password, causing AES-CTR (CFB) ciphertext to depend only on the plaintext and making data at rest easier...

6.5CVSS6.3AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/17 11:56 a.m.26 views

CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

6.5CVSS0.0016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/17 11:56 a.m.11 views

CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

6.5CVSS6.3AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.5 views

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a suite of terminal software from Mobatek France that integrates an enhanced terminal, an X server, and a Unix command set GNU/Cygwin. A security vulnerability exists in Mobatek MobaXterm versions prior to 25.0, which stems from the way the password storage IV is generated an...

6.5CVSS6.6AI score0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/17 12:0 a.m.10 views

PT-2025-6799 · Mobaxterm · Mobaxterm

Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 25.0 Description: The issue exists in the password storage of MobaXterm, where it uses an initialization vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the defaul...

6.5CVSS6.7AI score0.0016EPSS
Exploits0References5
Rows per page
Query Builder