EUVD-2012-4053

Malware in sbrugna...

CVE-2012-4109

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability (cisco-sa-20190501-nexus9k-sshkey)

According to its self-reported version, Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode has a Default SSH System Key. An unauthenticated, remote attacker can exploit this, to gain root privileges. Please see the included Cisco BIDs and Cisco Security Advisory for more...

Path traversal

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

CVE-2017-2298

The CVE-2017-2298 entry concerns the mcollective-sshkey-security plugin for Puppet prior to version 0.5.1. The root cause is that the plugin uses a server-specified identifier as part of the path where a file is written, enabling a compromised server to cause a file to be written to an arbitrary ...

CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

Jenkins Credential Collector

This module can be used to extract saved Jenkins credentials, user tokens, SSH keys, and secrets. Interesting files will be stored in loot along with combined csv output. require 'nokogiri' require 'base64' require 'digest' require 'openssl' require 'sshkey' class MetasploitModule 'Jenkins...

Hydra 8.5 - Network Logon Cracker

A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

Command injection

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559...

CVE-2012-4109

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559...

CVE-2012-4109

The CVE-2012-4109 issue affects Cisco UCS Fabric Interconnect: the clear sshkey command fails to sanitize input, enabling an authenticated, local attacker to inject commands and gain a root shell. Impact is local privilege escalation with full OS access. Cisco’s advisory confirms the vulnerabilit...

Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability

A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

[Hydra v 7.4] Fast Network cracker

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports...

Fast Network cracker Hydra v 7.4 updated version download

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports...