
The host is installed with BigAntSoft BigAnt IM Message Server and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly authenticate file uploads. Successful exploitation allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.

The host is installed with JBOSS Enterprise Application Platform before 5.0.3 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to handle an issue in authentication configuration. Successful exploitation could allow an attacker to perform a complete authentication bypass by using an arbitrary user and password.

unzip: De-archiver for .zip files. Several security issues were fixed in unzip.

It was discovered that the Ubuntu image shipped on some Dell Latitude 2110 systems was accidentally configured to allow unauthenticated package installations. A remote attacker intercepting network communications or a malicious archive mirror server could exploit this to trick the user into installing unsigned packages, resulting in arbitrary code execution with root privileges.

It was discovered that Eucalyptus did not verify password resets from the Admin UI correctly. An unauthenticated remote attacker could issue password reset requests to gain admin privileges in the Eucalyptus environment.

The cluster logical volume manager daemon in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.

Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.

It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and ...

It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.



© SecPod Technologies