14871 matches found
CVE-2022-1668
CVE-2022-1668 affects Secheron SEPCOS Control and Protection Relay. Weak default root credentials allow remote attackers to obtain OS superuser privileges over an open SSH port. Public advisories (ICS-CISA) describe multiple related vulnerabilities and confirm a high-severity risk with remote exp...
CVE-2022-1668 Secheron SEPCOS Control and Protection Relay
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH...
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files when using the SSH interface due to an argument injection vulnerability affecting the diagnose command. Additionally, a remote and highly privileged user can write arbitrary system files when using the SSH...
CVE-2017-20083
A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and...
CVE-2017-20083 JUNG Smart Visu Server SSH Server backdoor
A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and...
CVE-2017-20083
CVE-2017-20083 affects JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Connected sources describe two undocumented OS user accounts on the device enabling SSH access, which can be abused to create a backdoor locally. The issue is rooted in unauthorized accounts and leads to remote access compromi...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2022:2117-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2117-1 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. Description During OpCon UNIX agent installation and updates, an SSH public key is added to the root...
SUSE-SU-2022:2117-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory bsc1196739...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded Backdoor User and Outdated Software Components product: Nexans FTTO GigaSwitch industrial/office switches HW version 5 vulnerable version: See "Vulnerable /...
Nightingale - Docker Environment For Pentesting Which Having All The Required Tool For VAPT
In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber security, DevOps, Automation, or Infrastructure. Considering the demand of the industry, I would like to introduce my idea to create a NIGHTINGALE: docker image for...
Exploit for CVE-2022-31749
Hook Hook exploits a parameter injection vulnerability in the...
CVE-2022-27511
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted...
CVE-2022-27511
CVE-2022-27511 affects Citrix Application Delivery Management (ADM). A remote, unauthenticated attacker could leverage an improper access-control flaw to reset the administrator password at the next device reboot, enabling access via SSH with default credentials. Patched versions exist (Citrix AD...