Lucene search
+L
MobatekMobaxterm

10 matches found

cve
cve
added 2019/07/09 9:58 p.m.154 views

CVE-2019-13475

CVE-2019-13475 affects Mobatek MobaXterm 11.1. The vulnerability is in the mobaxterm: URI handler, enabling an argument injection that allows an attacker to execute arbitrary commands when a user visits a crafted URL. The payload can inject -exec to run commands, with -hideterm and -exitwhendone ...

8.8CVSS8.9AI score0.0411EPSS
Web
cve
cve
added 2022/12/05 12:0 a.m.138 views

CVE-2022-38336

CVE-2022-38336 affects Mobatek MobaXterm prior to 22.1. The issue is an access-control flaw that allows attackers to connect to the server via SSH or SFTP without authentication. Public details describe the root cause as auth bypass in the SSH/SFTP handling; impact is high (unauthorized access). ...

8.1CVSS7.9AI score0.00829EPSS
cve
cve
added 2022/12/05 12:0 a.m.100 views

CVE-2022-38337

CVE-2022-38337 affects Mobatek MobaXterm prior to v22.1, where aborting a SFTP connection sends a hardcoded password to the server, which the server may treat as an invalid login and trigger a user DoS (e.g., via fail2ban). Root cause is hardcoded credentials during SFTP abort. Impact is Denial o...

9.1CVSS9.1AI score0.00729EPSS
cve
cve
added 2017/10/16 4:0 a.m.63 views

CVE-2017-15376

Mobatek MobaXterm 10.4 is affected by CVE-2017-15376 due to a TELNET service that does not require authentication, allowing remote command execution via TCP port 23. The vulnerability is rooted in the TELNET service configuration, enabling an unauthenticated attacker to execute arbitrary commands...

10CVSS9.8AI score0.03804EPSS
cve
cve
added 2017/03/20 4:0 p.m.63 views

CVE-2017-6805

CVE-2017-6805 : Affected product is MobaXterm Personal Edition 9.4. The issue is a directory traversal vulnerability in the TFTP server that can be triggered by a GET request containing .., allowing remote attackers to read arbitrary files. Public references (NVD, Nessus plugin, Exploit-DB entrie...

5.3CVSS5.2AI score0.07796EPSS
cve
cve
added 2019/05/13 3:58 p.m.60 views

CVE-2019-7690

The CVE affects Mobatek MobaXterm Personal Edition v11.1 Build 3860. In this version, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after disconnecting from the remote SSH server. This impacts Passwordless Authentication that uses ...

9.8CVSS9.5AI score0.03214EPSS
cve
cve
added 2015/11/04 2:0 a.m.57 views

CVE-2015-7244

Mobatek MobaXterm prior to version 8.3 is affected by CVE-2015-7244 due to a default server configuration that disables access control and does not require authentication for X11 connections. This allows a remote attacker to execute arbitrary commands or view/inject X11 data via port 6000, using ...

7.5CVSS7.7AI score0.05049EPSS
cve
cve
added 2019/09/14 2:4 p.m.56 views

CVE-2019-16305

CVE-2019-16305 affects Mobatek MobaXterm 11.1 and 12.1. The protocol handler is vulnerable to command injection: a crafted MobaXterm protocol link prompts the user to run MobaXterm to handle the link, then prompts for further confirmation, enabling command execution (demonstrated via MobaXterm://...

8.8CVSS8.9AI score0.06743EPSS
cve
cve
added 2021/06/03 10:58 a.m.56 views

CVE-2021-28847

CVE-2021-28847 affects Mobatek MobaXterm prior to 21.0. A remote attacker can cause a denial of service (Windows GUI hang) by sending rapid, repeated tab title change requests, leading to many SetWindowTextA/SetWindowTextW calls. Exploitation is network-based, with low attack complexity and no us...

7.5CVSS7.4AI score0.01427EPSS
cve
cve
added 2026/03/09 3:24 p.m.38 views

CVE-2026-25866

MobaXterm versions prior to 26.1 are affected by an Unquoted Search Path vulnerability. The app uses WinExec to launch Notepad++ without a fully qualified executable path when opening remote files. An attacker can place a malicious executable earlier in the search order, leading to arbitrary code...

8.5CVSS6.3AI score0.00132EPSS