Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rsync vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-1000018
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user wit...
Pizzashack Rssh 2.3.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
1 Github repository
NA
CVE-2012-2252
Incomplete blacklist vulnerability in rssh prior to 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Pizzashack Rssh 2.2.2
Pizzashack Rssh 2.2.1
Pizzashack Rssh 2.0.0
Pizzashack Rssh 2.3.1
Pizzashack Rssh 2.3.0
Pizzashack Rssh 2.2.3
Pizzashack Rssh 2.0.2
Pizzashack Rssh 2.0.1
Pizzashack Rssh 2.1.0
Pizzashack Rssh 2.1.1
Pizzashack Rssh
Pizzashack Rssh 2.3.2
Pizzashack Rssh 2.0.4
Pizzashack Rssh 2.0.3
9.8
CVSSv3
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent malicious users to have unspecified impact by leveraging improper pointer arithmetic.
Zlib Zlib
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Oracle Mysql
Oracle Database Server 18c
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Eus 7.4
1 Github repository
NA
CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Pizzashack Rssh 2.3.2
NA
CVE-2005-4533
Argument injection vulnerability in scponlyc in scponly 4.1 and previous versions, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.
Scponly Scponly 2.1
Scponly Scponly 3.0
Scponly Scponly 3.8
Scponly Scponly 3.9
Scponly Scponly 4.1
Scponly Scponly 3.11
Scponly Scponly 3.5
Scponly Scponly 2.0
NA
CVE-2007-0670
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
Ibm Aix 5.3
Ibm Aix 5.2
NA
CVE-2007-6350
scponly 4.6 and previous versions allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository ...
Scponly Scponly
Scponly Scponly 4.5
Scponly Scponly 4.4
Scponly Scponly 4.3
Scponly Scponly 4.2
NA
CVE-2006-1320
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
Rssh Rssh 2.3.0
NA
CVE-2004-1161
rssh 2.2.2 and previous versions does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
Rssh Rssh 2.2.1
Rssh Rssh 2.2.2
Rssh Rssh 2.0
Rssh Rssh 2.1
Rssh Rssh 2.2
Gentoo Linux
1 EDB exploit
9.8
CVSSv3
CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and previous versions, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote malicious users to read or write to arbitrary files via unspecified vectors.
Fortinet Fortiwlc 7.0-9-1
Fortinet Fortiwlc 7.0-10-0
Fortinet Fortiwlc 8.0-5-0
Fortinet Fortiwlc 8.1-2-0
Fortinet Fortiwlc
Fortinet Fortiwlc 8.2-4-0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »