15 matches found
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
EUVD-2023-52693
Malicious code in bioql PyPI...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
CVE-2023-48643 affects Shrubbery tac_plus 2.x, 3.x, and 4.x up to F4.0.4.28. The issue arises when pre-auth or post-auth checks are configured as shell commands in tac_plus.cfg; strings from TACACS+ packets are used as command arguments, allowing injection that leads to unauthenticated remote com...
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
Input validation
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
CVE-2023-45239
The CVE-2023-45239 entry concerns tac_plus, a TACACS+ daemon. A lack of input validation prior to commit 4fdf178 allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands when pre- or post-authorization commands are enabled, enabling remot...
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
CVE-2002-0225
tacplus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files...
CVE-2000-0486
The CVE-2000-0486 entry documents a buffer overflow in the Cisco TACACS+ tac_plus server triggered by a malformed packet with a long length field, leading to a potential denial of service . The affected component is tac_plus on Cisco TACACS+ implementations; the root cause is a faulty handling of...