14823 matches found
Salt 安全漏洞
Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...
GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature
Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
Zoraxy has an authenticated command injection in the Web SSH feature
Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
CVE-2024-7516
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
CVE-2024-7516 Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
CVE-2024-7516 Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
CVE-2024-7516
CVE-2024-7516 affects Brocade Fabric OS versions before 9.2.2. The vulnerability arises from the ability to forge SSH keys during remote operations initiated by a switch admin, enabling man-in-the-middle remote service session hijacking. Impact is described as high for confidentiality, integrity,...
CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010
CVE-2024-52010 concerns Zoraxy, a general-purpose HTTP reverse proxy/forwarding tool, with a vulnerability in the Web SSH feature. In HandleCreateProxySession , the request to create an SSH session handles a user-supplied username that can be injected into the sshCommand ; the username is not val...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-50560
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...
CVE-2024-50560
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...
CVE-2024-50560
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...
PT-2024-35095 · Zoraxy · Zoraxy
Name of the Vulnerable Software and Affected Versions: Zoraxy versions 2.6.1 through 3.1.2 Description: A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows...
Privileged escalation via crafted use of portcfg command
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...
CVE-2024-11068
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...
CVE-2024-11065
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...
CVE-2024-11063
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...