Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rsync vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2017-8805
Debian ftpsync prior to 20171017 does not use the rsync --safe-links option, which allows remote malicious users to conduct directory traversal attacks via a crafted upstream mirror.
Debian Ftpsync
9.8
CVSSv3
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent malicious users to have unspecified impact by leveraging improper pointer arithmetic.
Zlib Zlib
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Oracle Mysql
Oracle Database Server 18c
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Eus 7.4
1 Github repository
NA
CVE-2012-2252
Incomplete blacklist vulnerability in rssh prior to 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Pizzashack Rssh 2.2.2
Pizzashack Rssh 2.2.1
Pizzashack Rssh 2.0.0
Pizzashack Rssh 2.3.1
Pizzashack Rssh 2.3.0
Pizzashack Rssh 2.2.3
Pizzashack Rssh 2.0.2
Pizzashack Rssh 2.0.1
Pizzashack Rssh 2.1.0
Pizzashack Rssh 2.1.1
Pizzashack Rssh
Pizzashack Rssh 2.3.2
Pizzashack Rssh 2.0.4
Pizzashack Rssh 2.0.3
NA
CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Pizzashack Rssh 2.3.2
NA
CVE-2007-0670
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
Ibm Aix 5.3
Ibm Aix 5.2
NA
CVE-2005-4533
Argument injection vulnerability in scponlyc in scponly 4.1 and previous versions, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.
Scponly Scponly 2.1
Scponly Scponly 3.0
Scponly Scponly 3.8
Scponly Scponly 3.9
Scponly Scponly 4.1
Scponly Scponly 3.11
Scponly Scponly 3.5
Scponly Scponly 2.0
NA
CVE-2007-6350
scponly 4.6 and previous versions allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository ...
Scponly Scponly
Scponly Scponly 4.5
Scponly Scponly 4.4
Scponly Scponly 4.3
Scponly Scponly 4.2
NA
CVE-2006-1320
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
Rssh Rssh 2.3.0
NA
CVE-2004-1161
rssh 2.2.2 and previous versions does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
Rssh Rssh 2.2.1
Rssh Rssh 2.2.2
Rssh Rssh 2.0
Rssh Rssh 2.1
Rssh Rssh 2.2
Gentoo Linux
1 EDB exploit
9.8
CVSSv3
CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and previous versions, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote malicious users to read or write to arbitrary files via unspecified vectors.
Fortinet Fortiwlc 7.0-9-1
Fortinet Fortiwlc 7.0-10-0
Fortinet Fortiwlc 8.0-5-0
Fortinet Fortiwlc 8.1-2-0
Fortinet Fortiwlc
Fortinet Fortiwlc 8.2-4-0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »