21 matches found
`time-sync` was removed from crates.io due to malicious code
The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...
RUSTSEC-2026-0036 `time-sync` was removed from crates.io due to malicious code
The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...
EUVD-2000-0491
Malware in sbrugna...
Lawo AG vsm LTC Time Sync Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-6049
The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...
CVE-2024-6049 Unauthenticated Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
Lawo AG vsm LTC Time Sync 路径遍历漏洞
Lawo vsm LTC Time Sync Lawo vTimeSync is an application from Lawo, Inc. A security vulnerability exists in Lawo AG vsm LTC Time Sync prior to version 4.5.6.0, which stems from the presence of a path traversal vulnerability that could allow an unauthenticated, remote attacker to download arbitrary...
PT-2024-38056 · F Logic · F-Logic Datacube3
Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the ntp server argument leads to os command...
NTP time sync issue on VPX running on VMware platform
For Citrix ADC VPX instances deployed on VMware ESXi hypervisor, the Citrix ADC system time might go out of sync and consequently network time protocol NTP synchronization is lost. This problem occurs due to an issue with VMware ACPI timer emulation. tail -f ntpd.log 6 Dec 01:06:23 ntpd42663:...
REST API Error: S3 Error: The difference between the request time and the current time is too large / Invalid Credentials for Amazon S3
Challenge This article covers two different errors that occur when performing different tasks, but have the same root cause: When adding S3 Object Storage to Veeam Console, Veeam displays the follow error: Failed to list S3 buckets: check if the specified account has required permissions REST API...
Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)
A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Provisioning Services and Daylight Saving Time
During a Target Device TD boot or reboot, after Daylight Saving Time DST but prior to any vDisk maintenance, you might notice that the TD system time is not consistent with the system time of the PVS Server. A user has reported the inability to log on to the domain. Log on with a local user accou...
Atrus Trivalie Productions Simple Network Time Sync 1.0 daemon Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/1289/info A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It may be possible to obtain root, although it...
CVE-2000-0493
Buffer overflow in Simple Network Time Sync SMTS daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string...
CVE-2000-0493
Buffer overflow in Simple Network Time Sync SMTS daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string...
kill_sntsd.pl
I noticed an uncommon scanf overflow in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. I haven't looked into this fully yet, but it looks as tho it could be root comprimising as it sits on a priveledged udp port and seems to coredump, but looks like it only give...
Atrus Trivalie Productions Simple Network Time Sync 1.0 - daemon Buffer Overflow
Atrus Trivalie Productions Simple Network Time Sync 1.0 - daemon Buffer Overflow source: https://www.securityfocus.com/bid/1289/info A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It...
Переполнение буфера в simple network time sync
Классическое переполнение буфера при строке длиннее 50 символов...
Atrus Trivalie Productions Simple Network Time Sync 1.0 - daemon Buffer Overflow
source: https://www.securityfocus.com/bid/1289/info A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It may be possible to obtain root, although it appears one only has 50 characters to...