Ruby Exploits
6,003 exploits tracked across all sources.
rsh/rlogin Service - Info Disclosure
The rsh/rlogin service is running.
by jduck
rsh/rlogin Service - Info Disclosure
The rsh/rlogin service is running.
by jduck
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
Satel Iberia SenNet Data Logger and Electricity Meters - Command Injection
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.
CVSS 8.8
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
RuggedCom Rugged Operating System < 3.10.1 - Unauthenticated Backdoor Account Access via MAC Address Calculation
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
by patrick, h00die <[email protected]>
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
by aushack, h00die <[email protected]>
NTP Monitor List Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Ultrix - Unauthenticated NFS Access Control Bypass
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.
Echo/Chargen - DoS
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
NTP Monitor List Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
miniupnpd < 1.4 - Denial of Service via Crafted SSDP Request
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
by todb, hdm
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
by theLightCosine
VMware vCenter Update Manager - Directory Traversal and Arbitrary File Read
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
by Alexey Sintsov, sinn3r
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
by theLightCosine
VMware ESX 3.0.3 and 3.5 and ESXi 3.5 - Path Traversal
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by National Cyber Security Centre, JaGoTu, zerosum0x0, Tom Sellers
CVSS 9.8
Windows RDP - Remote Code Execution via Crafted RDP Packets
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
by Royce Davis
Energizer DUO USB - Remote Code Execution via TCP Port 7777
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
by thelightcosine, smashery
X.org X11 - Unauthenticated Access Control Bypass via xhost Command
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by theLightCosine, jcran
By Source