
14865 matches found

Veracode
added 2023/03/01 8:15 a.m. | 50 views

Authentication Bypass

gradio is vulnerable to Authentication Bypass. The vulnerability exists due to the use of hard coded private ssh keys when sharing demos, which allows an attacker to gain access to other demos on the system...

CVSS 9.8 | AI score 9.1 | EPSS 0.00553
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/02/28 8:12 p.m. | 221 views

GHSA-PFVH-P8QP-9WW9 Gogs OS Command Injection vulnerability

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...

CVSS 9.8 | AI score 9.4 | EPSS 0.97839
Exploits: 1 | References: 7

Github Security Blog
added 2023/02/28 8:12 p.m. | 32 views

Gogs OS Command Injection vulnerability

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...

CVSS 9.8 | AI score 0.1 | EPSS 0.97839
Exploits: 1 | References: 7 | Affected Software: 1

GithubExploit
added 2023/02/27 6:5 p.m. | 255 views

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 One-click enumeration of all usernames and wr...

CVSS 9.8 | AI score 7.3 | EPSS 0.99984
Exploits: 25

0day.today
added 2023/02/27 12:0 a.m. | 470 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...

CVSS 9.8 | AI score 9.9 | EPSS 0.17399
Exploits: 6

0day.today
added 2023/02/27 12:0 a.m. | 313 views

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution Vulnerability

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh...

CVSS 7.2 | AI score 7.3 | EPSS 0.38722
Exploits: 5

Packet Storm
added 2023/02/27 12:0 a.m. | 367 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

EPSS 0.17399
Exploits: 6

Packet Storm
added 2023/02/27 12:0 a.m. | 279 views

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution

Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP 20000-21150 probabl...

AI score 0.3 | EPSS 0.38722
Exploits: 5

Veracode
added 2023/02/25 8:47 p.m. | 35 views

Privilege Escalation

haproxy, buster is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker...

CVSS 9.1 | AI score 8.7 | EPSS 0.05493
Exploits: 0 | References: 10 | Affected Software: 4

Veracode
added 2023/02/25 8:46 p.m. | 33 views

Privilege Escalation

firefox is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker to...

CVSS 6.5 | AI score 7.9 | EPSS 0.00672
Exploits: 0 | References: 5 | Affected Software: 5

Veracode
added 2023/02/25 8:46 p.m. | 29 views

Privilege Escalation

firefox is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker to...

CVSS 8.8 | AI score 8 | EPSS 0.00681
Exploits: 0 | References: 5 | Affected Software: 5

Fedora
added 2023/02/25 3:47 a.m. | 15 views

[SECURITY] Fedora 37 Update: ksshaskpass-5.27.1-1.fc37

A ssh-add helper that uses kwallet and kpassworddialog...

AI score 1.5
Exploits: 0

OSV
added 2023/02/24 11:4 a.m. | 2 views

OESA-2023-1127 xorg-x11-server security update

X.Org X11 X server Security Fixes: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on...

CVSS 7.8 | AI score 7.7 | EPSS 0.00899
Exploits: 0 | References: 2

OpenVAS
added 2023/02/24 12:0 a.m. | 22 views

Debian: Security Advisory (DLA-3340-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.7 | EPSS 0.0511
Exploits: 0 | References: 4

Tenable Nessus
added 2023/02/24 12:0 a.m. | 32 views

Debian dla-3340 : libgit2-27 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3340 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3340-1 [email protected]...

CVSS 9.8 | AI score 8 | EPSS 0.0511
Exploits: 0 | References: 8

NVD
added 2023/02/23 10:15 p.m. | 35 views

CVE-2023-25823

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...

CVSS 9.8 | AI score 6.4 | EPSS 0.00553
Exploits: 0 | References: 1

PyPA
added 2023/02/23 10:15 p.m. | 8 views

PYSEC-2023-16

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...

CVSS 9.8 | AI score 6.8 | EPSS 0.00553
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2023/02/23 10:10 p.m. | 82 views

Update share links to use FRP instead of SSH tunneling

Impact This is a vulnerability which affects anyone using Gradio's share links i.e. creating a Gradio app and then setting share=True with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means...

CVSS 9.8 | AI score 8.9 | EPSS 0.00553
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/02/23 10:10 p.m. | 24 views

GHSA-3X5J-9VWR-8RR5 Update share links to use FRP instead of SSH tunneling

Impact This is a vulnerability which affects anyone using Gradio's share links i.e. creating a Gradio app and then setting share=True with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means...

CVSS 6.3 | AI score 7.3 | EPSS 0.00553
Exploits: 0 | References: 4

Vulnrichment
added 2023/02/23 9:34 p.m. | 6 views

CVE-2023-25823 Gradio contains Use of Hard-coded Credentials

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...

CVSS 5.4 | AI score 7.7 | EPSS 0.00553
Exploits: 0 | References: 1