
838 matches found

OpenVAS
added 2016/04/19 12:0 a.m., 198 views

Weak Encryption Algorithm(s) Supported (SSH)

The remote SSH server is configured to allow / support weak encryption algorithms. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

7.4 AI score
Exploits 0, References 3
FreeBSD
added 2016/04/05 12:0 a.m., 33 views

go -- remote denial of service

Jason Buberel reports: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...

7.5 CVSS, 1.8 AI score, 0.0247 EPSS
Exploits 0, References 2
Packet Storm
added 2016/04/05 12:0 a.m., 220 views

Quanta LTE Router Code Execution / Backdoor Accounts

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Multiple vulnerabilities found in Quanta LTE routers backdoor, backdoor accounts, RCE, weak WPS ... Advisory URL: https://pierrekim.github.io/advisories/2016-quanta-0x00.txt Blog URL:...

0.6 AI score
Exploits 0
Fedora
added 2016/03/23 10:29 p.m., 23 views

[SECURITY] Fedora 23 Update: dropbear-2016.72-1.fc23

Dropbear is a relatively small SSH server and client. It's particularly useful for "embedded"-type Linux or other Unix systems, such as wireless routers...

6.4 CVSS, 2.9 AI score, 0.25577 EPSS
Exploits 12
Tenable Nessus
added 2016/03/18 12:0 a.m., 1460 views

Dropbear SSH Server < 2016.72 xauth Command Injection

According to its self-reported version in the banner, the version of Dropbear SSH running on the remote host is prior to 2016.72. It is, therefore, affected by a command injection vulnerability when X11 Forwarding is enabled, due to improper sanitization of X11 authentication credentials. An...

6.4 CVSS, 7 AI score, 0.25577 EPSS
Exploits 12, References 4
n0where
added 2016/02/21 8:10 p.m., 26 views

Self Hosted Git Service: Gogs

Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...

7.6 AI score
Exploits 0, References 4
Kitploit
added 2016/02/10 10:12 p.m., 22 views

SideDoor - Debian/Ubuntu Backdoor Using A Reverse SSH Tunnel

sidedoor maintains a reverse tunnel to provide a backdoor. sidedoor can be used to remotely control a device behind a NAT. sidedoor is packaged for Debian-based systems with systemd or upstart. It has been used on Debian 8 jessie and Ubuntu 14.04 LTS trusty. The sidedoor user has full root access...

7.5 AI score
Exploits 0, References 1
Kitploit
added 2016/01/18 9:33 p.m., 22 views

JShielder - LAMP/LEMP Secure Deployment

JSHielder is an Open Source tool developed to help SysAdmin and developers secure their Linux Servers in which they will be deploying any web application. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little...

8 AI score
Exploits 0, References 4
OPENSUSE Linux
added 2016/01/16 3:11 a.m., 50 views

Security update for openssh (critical)

CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the...

6.5 CVSS, 1.7 AI score, 0.77397 EPSS
Exploits 3, References 3
OPENSUSE Linux
added 2016/01/15 3:11 a.m., 52 views

Security update for openssh (critical)

This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature bsc961642 - CVE-2016-0778: A malicious or compromised server could trigger a...

6.5 CVSS, 2 AI score, 0.77397 EPSS
Exploits 3, References 2
seebug.org
added 2016/01/15 12:0 a.m., 6838 views

OpenSSH client Information Leak & Buffer Overflow

Since version 5.4 released on March 8, 2010, the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session...

4.6 CVSS, 8.1 AI score, 0.77397 EPSS
Exploits 3
OpenVAS
added 2016/01/13 12:0 a.m., 87 views

Debian: Security Advisory (DSA-3446-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 7.1 AI score, 0.77397 EPSS
Exploits 3, References 3
CNVD
added 2015/10/22 12:0 a.m., 2 views

Juniper Networks Junos OS SSH Server Denial of Service Vulnerability

Juniper Networks Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in the SSH server of the Juniper Networks Junos OS. A remote attacker...

7.8 CVSS, 6.8 AI score, 0.00491 EPSS
Exploits 0, References 1
Prion
added 2015/10/19 6:59 p.m., 15 views

Code injection

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3,...

7.8 CVSS, 7.2 AI score, 0.00491 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2015/10/19 6:0 p.m., 20 views

CVE-2015-7752

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3,...

6.7 AI score, 0.00491 EPSS
Exploits 0, References 2
CVE
added 2015/10/19 6:0 p.m., 53 views

CVE-2015-7752

CVE-2015-7752 affects Juniper Networks Junos OS SSH server on multiple releases (listed in the description). A remote attacker can cause a denial of service via unspecified SSH traffic, resulting in CPU consumption. Public exploit details are not provided in the supplied documents; remediation/fi...

7.8 CVSS, 6.9 AI score, 0.00491 EPSS
Exploits 0, References 2, Affected Software 1
0day.today
added 2015/08/30 12:0 a.m., 40 views

Sysax Multi Server 6.40 SSH Component Denial of Service Exploit

Exploit for windows platform in category dos / poc ''' Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability Date: 29-8-2015 Vendor homepage: http://www.sysax.com Software Link: http://www.sysax.com/download/sysaxservsetup.msi Version: 6.40 Author: 3unnym00n Details...

7 AI score
Exploits 0
BDU FSTEC
added 2015/04/28 12:0 a.m., 2 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality and integrity of protected information

The multiple vulnerabilities in the openssh-server-5.3p1 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality and integrity of protected information. These vulnerabilities can be exploited remotely...

5.8 CVSS, 6.4 AI score, 0.02148 EPSS
Exploits 2, References 3
OpenVAS
added 2014/12/16 12:0 a.m., 507 views

SSH Login Failed For Authenticated Checks

It was NOT possible to login using the provided SSH credentials. Hence authenticated checks are NOT enabled. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

5.8 AI score
Exploits 0, References 2
Kitploit
added 2014/10/27 10:44 p.m., 26 views

Zarp - Local Network Attack Framework

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once,...

6.8 AI score
Exploits 0, References 1