Cross site request forgery (csrf)

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

Linux routers in Japan are the target of a new Golang remote access trojan RAT called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center JPCERT/CC...

CVE-2022-24630

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...

PT-2023-12762 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a cmd parameter set to "ssh" a...

[SECURITY] Fedora 37 Update: libssh-0.10.5-1.fc37

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

AZL-26810 CVE-2023-28319 affecting package rust for versions less than 1.72.0-2

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

AZL-38554 CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

Design/Logic Flaw

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

Authentication Bypass

github.com/kubernetes/minikube is vulnerable to Authentication Bypass. The vulnerability exists due to the use of hard-coded credentials which allows a local attacker to use the default password and bypass the login via ssh access to the minikube container...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

CVE-2023-28319 : A use-after-free in curl/libcurl’s SSH fingerprint check (verifying server public keys with a SHA-256 hash) occurs when verification fails; memory for the fingerprint is freed before the error message is built, potentially leaking the freed hash data in error output. Affected are...

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

CVE-2023-1944

This vulnerability enables ssh access to minikube container using a default password...

CVE-2023-1944

This vulnerability enables ssh access to minikube container using a default password...

Default credentials

This vulnerability enables ssh access to minikube container using a default password...