Code injection
A vulnerability has been identified in RUGGEDCOM i800 All versions V4.3.8, RUGGEDCOM i801 All versions V4.3.8, RUGGEDCOM i802 All versions V4.3.8, RUGGEDCOM i803 All versions V4.3.8, RUGGEDCOM M2100 All versions V4.3.8, RUGGEDCOM M2200 All versions V4.3.8, RUGGEDCOM M969 All versions V4.3.8,...
CVE-2021-37209
A vulnerability has been identified in RUGGEDCOM i800 All versions V4.3.8, RUGGEDCOM i801 All versions V4.3.8, RUGGEDCOM i802 All versions V4.3.8, RUGGEDCOM i803 All versions V4.3.8, RUGGEDCOM M2100 All versions V4.3.8, RUGGEDCOM M2200 All versions V4.3.8, RUGGEDCOM M969 All versions V4.3.8,...
Icinga Web 2 Path Traversal Vulnerability
Icinga Web 2 is an application software. Icinga Web 2 is the next generation open source monitoring web interface, framework and command line interface developed by Icinga Project to support Icinga 2, Icinga Core and any other IDO database compatible monitoring backend. Icinga Web 2 suffers from a...
CVE-2022-24715 Arbitrary code execution for authenticated users in Icinga Web 2
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...
CVE-2022-24715
CVE-2022-24715 affects Icinga Web 2. Authenticated users with access to the configuration can create SSH resource files in unintended directories, enabling arbitrary code execution. The issue is fixed in Icinga Web 2 releases 2.8.6, 2.9.6, and 2.10. Upgrading is the recommended remediation; if up...
Debian DLA-2938-1 : twisted - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2938 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an...
CVE-2022-24715
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...
Denial Of Service (DoS)
twisted is vulnerable to denial of service. The vulnerability exists due to the lack of validation of the peer's SSH version identifier and accepting an infinite amount of data allowing an attacker to craft a request that uses all available memory and crashes the server,...
ZOHO ManageEngine Key Manager Plus Information Disclosure Vulnerability
ZOHO ManageEngine Key Manager Plus is a web-based SSH secret key management solution from ZOHO. The vulnerability is caused by the application not effectively protecting the stored SSL certificates and associated key pairs, which can be exploited by an attacker to obtain the stored SSL certificat...
Cisco Unified Communications Manager (CUCM) Detection Consolidation
Consolidation of Cisco Unified Communications Manager (CUCM, formerly Call Manager) detections. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
DEBIAN-CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
Design/Logic Flaw
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
UBUNTU-CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
PYSEC-2022-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
GHSA-RV6R-3F5Q-9RGX Twisted SSH client and server deny of service during SSH handshake.
Impact: The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...
Twisted SSH client and server deny of service during SSH handshake.
Impact: The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...
Red Team lab automation
It’s not uncommon for red teamers to regularly tear down and rebuild their test labs; I know I do on a sometimes daily basis. It keeps things fresh and manageable, and now, using Infrastructure as Code (IaC), we can create a consistent environment to test tools and techniques in. If we break...