64 matches found
[SECURITY] Fedora 36 Update: vultr-2.0.3-5.fc36
Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE) Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
CVE-2021-37471
The CVE-2021-37471 entry concerns Cradlepoint IBR900-600 devices running firmware versions prior to 7.21.10. The vulnerability is caused by a restricted shell escape sequence that can be exploited to concurrently deny availability of the NetCloud Manager console, the local console, and the SSH co...
CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...
Linux: Separate partition for /home
The /home directory contains local files for users. This script tests if a separate partition exists for /home. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
“The default account is not initialized” error is displayed when adding an IAM role to Veeam Backup for AWS
Challenge The Default Backup Restore IAM role is not created upon the Veeam Backup for AWS installation. Attempts to add IAM roles to Veeam Backup for AWS in the Add Account wizard fail with the error: The default account is not initialized Cause The backup server cannot access the required AWS...
Linux: Package updates available
Package updates may include vulnerability fixes or new functionality to a package. Keeping the packages to the newest available version reduces the risk of a successful attack. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are...
CVE-2016-8613
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. T...
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh -F /etc/passwd 127.0.0.1" exit...
SUSE-SU-2017:2660-1 Security update for libvirt
This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc1025340: Use xend for nodeGetFreeMemory API -...
SUSE-SU-2017:2598-1 Security update for libvirt
This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc1049505, bsc1051017: Security manager: Don't...
Debian DLA-1068-1 : git security update
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 'Wheezy', these problems have been fixed in version...
SSH command injection vulnerability (CVE-2017-1000117) analysis - vulnerability warning - the black bar safety net
0x01 Vulnerability overview: An attacker can craft an "ssh://..." link so that, when the victim runs a program that accesses the malicious link, commands are executed. The link can be placed in a git project...
cvs -- Remote code execution via ssh command injection
Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...
CVE-2016-3654
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter...
Design/Logic Flaw
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter...
OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
No description provided by source. !/bin/sh OpenSSH = 3.6.p1 - User Identification. Nicolas Couture - [email protected] Description: -Tells you whether or not a user exists on a distant server running OpenSSH. Usage: -You NEED to have the host's public key before executing this script...