rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution
!/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/A ------------------------------------------------------------------------------ URXVT VULNERABILITY In rxvt-based terminals, ANSI...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-14145 DESCRIPTION: OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker...
Ubuntu: Security Advisory (USN-4944-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitHub Prepares to Move Beyond Passwords
GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...
GitHub Will Now Support Security Keys for SSH Git Operations
By Deeba Ahmed To prevent account takeover in SSH Git operations, GitHub has now added support for security keys. This is a post from HackRead.com Read the original post: GitHub Will Now Support Security Keys for SSH Git Operations...
DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...
SSH Password Authentication Accepted
The SSH server on the remote host accepts password authentication. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid149334; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/05/07...
CVE-2021-31800
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...
Sifchain: Private RSA key for Vagrant exposed in GitHub repository
Summary: The private RSA key used for SSH on Vagrant is exposed in sifnode GitHub repository. Steps To Reproduce: 1. Visit this link which shows the privatekey file used for your Vagrant virtual machine Suggested solution Remove the private key from the repository. Even though you remove it, it...
[SECURITY] Fedora 32 Update: ansible-2.9.20-1.fc32
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 34 Update: ansible-2.9.20-1.fc34
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 33 Update: ansible-2.9.20-1.fc33
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Fedora: Security Advisory for ansible (FEDORA-2021-4a17f0225d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for ansible (FEDORA-2021-0414eb891b)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2021-1777)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for ansible (FEDORA-2021-c1116fb75e)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit
This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...
Micro Focus Operations Bridge Reporter shrboadmin Default Password
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Micro Focus Operations Bridge Reporter shrboadmin default password', 'Description' = %q This...
Man-in-the-Middle (MitM)
Ansible is vulnerable to man-in-the-middle attacks. The vulnerability exists because the Git module encourages the use of StrictHostKeyChecking=no with SSH, enabling attackers to intercept the traffic...