3 matches found
GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack
Summary: An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details: The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...
CVE-2020-16259
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user...
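Chetcpasswd Local Privilege Escalation Vulnerability
Chetcpasswd is a tool that lets users change their own Squid and web access passwords through the web. Chetcpasswd has a vulnerability in how it handles parameters, which a local attacker may exploit to escalate privileges. If it is configured to use postchange and alertemail, or to copy the new passwd file over the old passwd file after a password change, chetcpasswd may execute external programs insecurely, allowing a local attacker to gain root privileges. Exploiting this vulnerability, however, requires the attacker to have a valid shell account on the server and to know an IP address that is allowed to use chetcpasswd. CHETCPASSWD CHETCPASSWD 2.4.1...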