22 matches found
CVE-2023-49222
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges...
EUVD-2019-10288
Malware in sbrugna...
EUVD-2023-0088
Malicious code in bioql PyPI...
CVE-2022-36321
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...
GHSA-3X5J-9VWR-8RR5 Update share links to use FRP instead of SSH tunneling
Impact: This is a vulnerability which affects anyone using Gradio's share links, i.e. creating a Gradio app and then setting `share=True`, with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means...
Design/Logic Flaw
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...
CVE-2022-36321
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...
Directory traversal
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa)...
CVE-2022-26252
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa)...
aaPanel 6.8.21 - Directory Traversal (Authenticated)
Exploit Title: aaPanel 6.8.21 - Directory Traversal (Authenticated); Date: 22.02.2022; Exploit Author: Fikrat Ghuliev Ghuliev; Vendor Homepage: https://www.aapanel.com/; Software Link: https://www.aapanel.com; Version: 6.8.21; Tested on: Ubuntu. Application vulnerable to Directory Traversal and attacker c...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities
Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution The HTML version on "Multiple vulnerabilities found in Zyxe...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...
CVE-2019-1731
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The...
Design/Logic Flaw
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The...
CVE-2015-1316
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...
Design/Logic Flaw
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...
Malicious Typo-Squatting
coffescript is a malicious typo-squatting package. During the installation of these packages, the user’s private SSH key and bash history are sent to a third party server...
Malicious Typo-Squatting
coffe-script is a malicious typo-squatting package. During the installation of these packages, the user's private SSH key and bash history are sent to a third party server...
Information disclosure
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...
CVE-2017-16203
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...