14829 matches found
QNAP QTS and Photo Station Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh/transport/session' require 'net/sftp' require 'openssl' class MetasploitModule 'Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read',...
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shel...
CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2024-26979)
The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26979 advisory. - NIST NVD Details CVE-2024-26979 Note that Nessus has not tested for this issue but has...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 Vulnerability Checker Overview This Python...
A vulnerability in the xinetd process of the sshd daemon in the Juniper Networks Junos OS Evolved operating system allows an attacker to cause a service failure.
The vulnerability in the xinetd process of the sshd daemon in the Juniper Networks Junos OS Evolved operating system is caused by a failure to release resources after their useful lifespan has ended. Exploiting this vulnerability allows a malicious actor to cause service failures by sending...
CVE-2024-43798
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...
CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...
CVE-2024-43798
CVE-2024-43798 affects Chisel, a fast TCP/UDP tunnel over HTTP secured via SSH. The vulnerability occurs because the server does not read the documented AUTH environment variable for credentials, allowing any unauthenticated user to connect even when credentials are set. This impacts deployments ...
Synology NAS / DiskStation Manager Detection (SSH Login)
SSH login-based detection of Synology NAS / DiskStation Manager (DSM). SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.35 security update
Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a security impact of...
Exploit for CVE-2024-40892
fwbt Writeup: https://www.labs.greynoise.io/grimoire/2024-08-...
CVE-2024-43410
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...
CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...
CVE-2024-43410
CVE-2024-43410 (Russh): The russh Rust SSH library is vulnerable to an OOM DoS caused by allocating memory based on an untrusted 4-byte packet length. An unauthenticated client can set this length to any value, triggering large allocations before authentication and potentially exhausting the ser...
GO-2023-2097 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve...
CVE-2020-11847
CVE-2020-11847 affects OpenText NetIQ Privileged Account Manager (PAM) prior to 3.7.0.1. An SSH-authenticated user can access the PAM server and run an OS command via bash to obtain full system access. The root cause is exposure of command execution during SSH access to the PAM server, as describ...
GO-2023-1671 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com...