Westermo xRD Products Authentication Bypass (CVE-2018-10933)

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could successfully...

CVE-2010-3376

CVE-2010-3376 affects ROOT 5.18/00 components: (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts. The flaw places a zero-length directory name into LD_LIBRARY_PATH, enabling local privilege escalation via a Trojan horse shared library in the current working directory. Exploitation st...