
72 matches found

Positive Technologies
added 2025/06/17 12:0 a.m. · 3 views

PT-2025-25679 · WordPress · Rextheme Wp Vr

Name of the Vulnerable Software and Affected Versions: RexTheme WP VR versions through 8.5.26 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...

9.9 CVSS · 9.4 AI score · 0.0032 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2025/05/23 12:0 a.m. · 1 views

The vulnerability of the SSH-server software solution for monitoring the status of B&R APROL industrial systems allows an intruder to execute arbitrary commands.

The vulnerability of the SSH-server software solution for monitoring the status of B&R APROL industrial systems is related to the inclusion of functions from an unreliable and uncontrolled area. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...

7.8 CVSS · 5.8 AI score · 0.00099 EPSS
Exploits 0 · References 2 · Affected Software 1

GithubExploit
added 2025/05/03 1:32 p.m. · 81 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433: Erlang/OTP's SSH Server Exploit...

10 CVSS · 8.5 AI score · 0.59319 EPSS
Exploits 35

OSV
added 2025/04/16 10:15 p.m. · 1 views

DEBIAN-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

10 CVSS · 9.2 AI score · 0.59319 EPSS
Exploits 35 · References 1

Packet Storm News
added 2025/03/13 12:0 a.m. · 3 views

Creating Scripts to Identify Vulnerable SSH Servers

This whitepaper covers how to create Nmap scripts to identify banners and versions of SSH servers. It also covers methods to mitigate the public visibility of banners and version information on SSH servers. Written in Portuguese...

6.7 AI score
Exploits 0

Vulnrichment
added 2024/11/28 10:42 a.m. · 9 views

CVE-2024-52490 WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through = 2.5.1...

10 CVSS · 7.4 AI score · 0.00578 EPSS
Exploits 0 · References 1

OSV
added 2024/02/22 9:49 p.m. · 8 views

CLSA-2024-1708638566 openssh: Fix of CVE-2023-48795

CVE-2023-48795: implement "strict key exchange" in ssh and sshd...

5.9 CVSS · 7 AI score · 0.52998 EPSS
Exploits 4 · References 1

ATTACKERKB
added 2023/06/29 8:15 p.m. · 3 views

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

7.5 CVSS · 7.2 AI score · 0.00073 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2023/06/26 12:0 a.m. · 2 views

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems allows an intruder to gain unauthorized access to the network.

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to the network by using port redirection requests...

7.1 CVSS · 7.2 AI score · 0.00192 EPSS
Exploits 0 · References 3 · Affected Software 10

CNNVD
added 2023/06/15 12:0 a.m. · 2 views

Bosch Video Management System security vulnerability

Bosch Video Management System is a video management system from Bosch, Germany. A security vulnerability exists in Bosch Video Management System, which stems from improper authorization of the SSH server, allowing an authenticated attacker to access resources on the internal network via port...

7.7 CVSS · 7.4 AI score · 0.00192 EPSS
Exploits 0 · References 2

RedHat Linux
added 2023/05/18 12:14 a.m. · 3 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:17 a.m. · 1 views

SUSE CVE-2019-3858

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory...

4.6 CVSS · 6.9 AI score · 0.02187 EPSS
Exploits 0 · References 15

SUSE CVE
added 2023/02/15 4:17 a.m. · 1 views

SUSE CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server...

3.5 CVSS · 9.8 AI score · 0.04601 EPSS
Exploits 0 · References 15

SUSE CVE
added 2023/02/15 4:17 a.m. · 1 views

SUSE CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory...

3.5 CVSS · 6.9 AI score · 0.01176 EPSS
Exploits 0 · References 22

RedHat Linux
added 2022/11/15 1:20 p.m. · 3 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits 0 · References 5

OSV
added 2022/06/27 7:15 p.m. · 1 views

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

7.5 CVSS · 7 AI score
Exploits 0 · References 1

CNNVD
added 2022/03/15 12:0 a.m. · 1 views

Jenkins Kubernetes Continuous Deploy plugin cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...

6.5 CVSS · 6.4 AI score · 0.00169 EPSS
Exploits 0 · References 6

Positive Technologies
added 2022/02/15 12:0 a.m. · 2 views

PT-2022-17138 · Jenkins · Jenkins Ftp Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCP publisher Plugin versions 1.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. The...

8.8 CVSS · 8.5 AI score · 0.00092 EPSS
Exploits 0 · References 4

GithubExploit
added 2021/12/18 12:42 p.m. · 335 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Self-contained lab environment PoC that runs a reverse-shell w...

10 CVSS · 9.3 AI score · 0.94358 EPSS
Exploits 343

OSV
added 2021/09/09 5:15 a.m. · 2 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1 CVSS · 5.9 AI score
Exploits 0 · References 1