NewStart CGSL MAIN 6.06 (SP) : cloud-init Multiple Vulnerabilities (NS-SA-2026-0026)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

Linux Distros Unpatched Vulnerability : CVE-2017-18021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only appli...

cloud-init through 19.4 relies on Mersenne Twister for a random password which makes it easier for attackers to predict passwords because rand_str in cloudinit/util.py calls the random.choice function.

...

UBUNTU-CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...