Fedora: Security Advisory (FEDORA-2023-31d5d51a2d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-791e2dc6cb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-a3af7820e8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2024-0061)

The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a vulnerability: - A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2024:3165-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3165-1 advisory. wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed...

Siemens Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

Cerberus FTP Server SFTP Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule 'Cerberus FTP Server SFTP Username Enumeration', 'Description' = %q This module uses a dictionary to brute force valid usernames...

Fortinet SSH Backdoor Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet SSH Backdoor Scanner', 'Description' = %q This module scans for the Fortinet SSH backdoor. , 'Author' = 'operator8203 ', PoC 'wvu' Modul...

GitLab User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'GitLab User Enumeration', 'Description' = " The GitLab 'internal' API is exposed unauthenticated on GitLab. This allows the userna...

Juniper SSH Backdoor Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule 'Juniper SSH Backdoor Scanner', 'Description' = %q This module scans for the Juniper SSH backdoor also valid on Telnet. Any...

Eaton Xpert Meter SSH Private Key Exposure Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework XXX: This shouldn't be necessary but is now require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Eaton Xpert Meter SSH Private Key Exposure Scanner'...

Apache Karaf Default Credentials Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule "Apache Karaf Default Credentials Command Execution", 'Description' = %q This module exploits a default misconfiguration flaw on...

Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service', 'Description' = %q This module sends a specially-crafted SSH Key Exchange causing t...

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh/transport/session' require 'net/sftp' require 'openssl' class MetasploitModule 'Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read',...

QNAP QTS and Photo Station Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shel...

CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2024-26979)

The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26979 advisory. - NIST NVD Details CVE-2024-26979 Note that Nessus has not tested for this issue but has...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 Vulnerability Checker Overview This Python...

The vulnerability of the xinetd process of the sshd daemon in the Juniper Networks Junos OS Evolved operating system allows a hacker to cause a service failure.

The vulnerability of the xinetd process of the sshd daemon in the Juniper Networks Junos OS Evolved operating system is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability allows a malicious actor to cause service failures by sending...