6 matches found

Tenable Nessus
added 2016/03/18 12:0 a.m. | 1461 views

Dropbear SSH Server < 2016.72 xauth Command Injection

According to its self-reported version in the banner, the version of Dropbear SSH running on the remote host is prior to 2016.72. It is, therefore, affected by a command injection vulnerability when X11 Forwarding is enabled, due to improper sanitization of X11 authentication credentials. An...

CVSS: 6.4 | AI score: 7 | EPSS: 0.19302
Exploits: 4 | References: 4

CNVD
added 2016/03/17 12:0 a.m. | 1 views

OpenSSH xauth Command Injection Vulnerability

OpenSSH is an open source implementation of the SSH protocol. OpenSSH = 7.2p1 suffers from an xauth command injection vulnerability in the implementation. An attacker can bypass security restrictions and inject shell commands into data using a valid certificate and the privilege to establish a...

CVSS: 6.4 | AI score: 7.7 | EPSS: 0.37016
Exploits: 13 | References: 1

0day.today
added 2016/03/16 12:0 a.m. | 480 views

OpenSSH 7.2p1 - Authenticated xauth Command Injection

Exploit for multiple platform in category remote exploits ''' Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor:...

AI score: 7.1 | EPSS: 0.37016
Exploits: 13

Packet Storm
added 2016/03/15 12:0 a.m. | 1033 views

OpenSSH 7.2p1 xauth Command Injection / Bypass

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor: OpenBSD References: http://www.openssh.com/1 Version: 7.2p1 2...

CVSS: 5.5 | AI score: 0.6 | EPSS: 0.37016
Exploits: 13

Packet Storm
added 2016/03/15 12:0 a.m. | 1763 views

Dropbear SSHD xauth Command Injection / Bypass

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt Johnston References: https://matt.ucc.asn.au/dropbear/dropbear.ht...

CVSS: 5.5 | AI score: 0.7 | EPSS: 0.37016
Exploits: 13

Hacker One
added 2016/03/10 5:49 p.m. | 33 views

Internet Bug Bounty: OpenSSH / dropbearSSHd xauth command injection

OpenSSH affects all version = 7.2p1 with X11Forwarding yes acc. to OpenSSH this bug is 20 years old and affects all versions back to openssh v1 status: fixed, vendor advisory: http://www.openssh.com/txt/x11fwd.adv dropbearSSHd affects = 2015.71 basically all versions that come with x11 support;...

AI score: 6.7
Exploits: 0