
14906 matches found

Packet Storm
added 2021/05/18 12:0 a.m., 158 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution

!/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/A ------------------------------------------------------------------------------ URXVT VULNERABILITY In rxvt-based terminals, ANSI...

7.4 AI score
Exploits: 0

IBM Security Bulletins
added 2021/05/13 10:23 a.m., 50 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-14145 DESCRIPTION: OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker...

5.9 CVSS, 1.2 AI score, 0.02057 EPSS
Exploits: 2, Affected Software: 1

OpenVAS
added 2021/05/12 12:0 a.m., 5 views

Ubuntu: Security Advisory (USN-4944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 3

ThreatPost
added 2021/05/11 7:46 p.m., 40 views

GitHub Prepares to Move Beyond Passwords

GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...

5.8 AI score
Exploits: 0, References: 16

HackRead
added 2021/05/11 7:30 p.m., 39 views

GitHub Will Now Support Security Keys for SSH Git Operations

By Deeba Ahmed To prevent account takeover in SSH Git operations, GitHub has now added support for security keys. This is a post from HackRead.com Read the original post: GitHub Will Now Support Security Keys for SSH Git Operations...

1 AI score
Exploits: 0

Kitploit
added 2021/05/10 9:30 p.m., 110 views

DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...

7.3 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2021/05/07 12:0 a.m., 515 views

SSH Password Authentication Accepted

The SSH server on the remote host accepts password authentication. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid149334; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/05/07...

7.2 AI score
Exploits: 0, References: 1

OSV
added 2021/05/05 11:15 a.m., 17 views

CVE-2021-31800

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

9.8 CVSS, 7.6 AI score
Exploits: 0, References: 9

AlpineLinux
added 2021/05/05 10:24 a.m., 40 views

CVE-2021-31800

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

9.8 CVSS, 9.9 AI score, 0.1926 EPSS
Exploits: 1

Hacker One
added 2021/05/04 6:57 a.m., 133 views

Sifchain: Private RSA key for Vagrant exposed in GitHub repository

Summary: The private RSA key used for SSH on Vagrant is exposed in sifnode GitHub repository. Steps To Reproduce: 1. Visit this link which shows the privatekey file used for your Vagrant virtual machine Suggested solution Remove the private key from the repository. Even though you remove it, it...

6.6 AI score
Exploits: 0

Fedora
added 2021/05/03 2:12 a.m., 55 views

[SECURITY] Fedora 32 Update: ansible-2.9.20-1.fc32

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5 CVSS, 3.3 AI score, 0.00333 EPSS
Exploits: 0

Fedora
added 2021/05/03 2:6 a.m., 51 views

[SECURITY] Fedora 34 Update: ansible-2.9.20-1.fc34

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5 CVSS, 3.3 AI score, 0.00333 EPSS
Exploits: 0

Fedora
added 2021/05/03 1:48 a.m., 49 views

[SECURITY] Fedora 33 Update: ansible-2.9.20-1.fc33

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5 CVSS, 3.3 AI score, 0.00333 EPSS
Exploits: 0

OpenVAS
added 2021/05/03 12:0 a.m., 24 views

Fedora: Security Advisory for ansible (FEDORA-2021-4a17f0225d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5 CVSS, 6.3 AI score, 0.00333 EPSS
Exploits: 0, References: 2

OpenVAS
added 2021/05/03 12:0 a.m., 24 views

Fedora: Security Advisory for ansible (FEDORA-2021-0414eb891b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5 CVSS, 6.3 AI score, 0.00333 EPSS
Exploits: 0, References: 2

OpenVAS
added 2021/05/03 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2021-1777)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.3 AI score, 0.01105 EPSS
Exploits: 1, References: 2

OpenVAS
added 2021/05/03 12:0 a.m., 24 views

Fedora: Security Advisory for ansible (FEDORA-2021-c1116fb75e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5 CVSS, 6.3 AI score, 0.00333 EPSS
Exploits: 0, References: 2

0day.today
added 2021/04/30 12:0 a.m., 53 views

Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit

This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...

9.8 CVSS, 9.6 AI score, 0.15776 EPSS
Exploits: 3

Packet Storm
added 2021/04/30 12:0 a.m., 228 views

Micro Focus Operations Bridge Reporter shrboadmin Default Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Micro Focus Operations Bridge Reporter shrboadmin default password', 'Description' = %q This...

7.5 CVSS, 0.15776 EPSS
Exploits: 3

Veracode
added 2021/04/29 11:57 p.m., 12 views

Man-in-the-Middle (MitM)

ansible is vulnerable to man-in-the-middle attacks. The vulnerability exists because the Git module encourages the use of StrictHostKeyChecking=no with SSH, enabling attackers to intercept the traffic...

4.4 AI score
Exploits: 0