22 matches found
EUVD-2004-1159
Malware in sbrugna...
EUVD-2019-1737
Malware in sbrugna...
EUVD-2005-3344
Malware in sbrugna...
rssh - multiple vulnerabilities
NVD reports: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp...
CVE-2019-1000018
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission...
CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option...
CVE-2012-3478
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
CVE-2005-3345
CVE-2005-3345 affects rssh versions 2.0.0 through 2.2.3, enabling local users to bypass access restrictions and gain root privileges via the rssh_chroot_helper chroot to an external directory. The connected sources confirm the vulnerability and its local-privilege-escalation impact, but do not pr...
CVE-2004-1628
Removed by vendor...
CVE-2004-1161
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S...
CVE-2004-1161
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S...
CVE-2004-1161
Removed by vendor...
CVE-2004-1161
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S...
CVE-2004-0609
rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail...
rssh, scponly: Unrestricted command execution
Background: rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges. Description: Jason Wies discovered that when receiving an authorized...
RSSH 2.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11792/info rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacke...
RSSH 2.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11792/info rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a...
rssh & scponly -- arbitrary command execution
Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports: The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire...
GLSA-200410-28 : rssh: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200410-28 (rssh: Format string vulnerability). Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in rssh syslogging of failed commands. Impact: Using a malicious command, it may be...
FreeBSD : rssh -- format string vulnerability (166)
The following package needs to be updated: rssh. This script has been deprecated by freebsdpkg1f82675726be11d9ad2d0050fc56d258.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-200...