CloudEngine 12800, CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 Security Vulnerabilities

cisco

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a...

6.7 AI Score

0.948 EPSS

2015-03-10 04:00 PM
54
huawei

Security Advisory - Glibc Buffer Overflow Vulnerability

Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015. Applications that call the various gethostbyname functions are affected, and attackers can exploit this vulnerability to perform remote code execution. (Vulnerability ID: HWPSIRT-2015-01045) This.....

8 AI Score

0.975 EPSS

2015-02-26 12:00 AM
118
cisco

GNU glibc gethostbyname Function Buffer Overflow Vulnerability

On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain...

8.2 AI Score

0.975 EPSS

2015-01-28 10:30 PM
93
nessus

OracleVM 3.3 : krb5 (OVMSA-2014-0034)

The remote OracleVM system is missing necessary patches to address critical security updates : actually apply that last patch incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a...

-0.1 AI Score

0.956 EPSS

2014-11-26 12:00 AM
6
openvas

Juniper Networks Junos OS FPC DoS Vulnerability (JSA10655)

Juniper Networks Junos OS is prone to a denial of service (DoS) ...

6.6 AI Score

0.014 EPSS

2014-11-20 12:00 AM
9
nessus

Amazon Linux AMI : krb5 (ALAS-2014-443)

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418 , CVE-2013-6800) A NULL pointer....

0.8 AI Score

0.936 EPSS

2014-11-18 12:00 AM
8
nessus

CentOS 6 : krb5 (CESA-2014:1389)

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

0.6 AI Score

0.936 EPSS

2014-11-12 12:00 AM
17
amazon

Medium: krb5

Issue Overview: It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)....

8.2 AI Score

0.936 EPSS

2014-11-11 10:25 AM
11
nessus

Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20141014)

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer.....

0.6 AI Score

0.936 EPSS

2014-11-04 12:00 AM
14
f5

SOL15785 - Kerberos vulnerability CVE-2013-6800

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists....

2.3 AI Score

0.936 EPSS

2014-11-03 12:00 AM
23
f5

K15785 : Kerberos vulnerability CVE-2013-6800

Security Advisory Description An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different...

6.1 AI Score

0.936 EPSS

2014-11-03 12:00 AM
14
cve

CVE-2014-7800

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6 AI Score

0.0005 EPSS

2014-10-21 10:55 AM
22
nvd

CVE-2014-7800

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-10-21 10:55 AM
prion

Information disclosure

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6.4 AI Score

0.0005 EPSS

2014-10-21 10:55 AM
1
cvelist

CVE-2014-7800

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-10-21 10:00 AM
centos

krb5 security update

CentOS Errata and Security Advisory CESA-2014:1389 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause.....

9.1 AI Score

0.936 EPSS

2014-10-20 06:09 PM
53
nessus

Oracle Linux 6 : krb5 (ELSA-2014-1389)

From Red Hat Security Advisory 2014:1389 : Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...

0.5 AI Score

0.936 EPSS

2014-10-17 12:00 AM
7
oraclelinux

krb5 security and bug fix update

[1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run ...

AI Score

0.936 EPSS

2014-10-15 12:00 AM
10
openvas

RedHat Update for krb5 RHSA-2014:1389-02

The remote host is missing an update for...

7.6 AI Score

0.936 EPSS

2014-10-15 12:00 AM
11
nessus

Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 (20140916)

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer.....

-0.1 AI Score

0.936 EPSS

2014-10-14 12:00 AM
32
redhat

(RHSA-2014:1389) Moderate: krb5 security and bug fix update

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a.....

7.9 AI Score

0.936 EPSS

2014-10-14 12:00 AM
15
nessus

RHEL 6 : krb5 (RHSA-2014:1389)

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

0.6 AI Score

0.936 EPSS

2014-10-14 12:00 AM
10
nessus

Juniper Junos 'em' Interface Fragmentation Remote DoS (JSA10655)

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. A remote attacker can exploit this issue by sending a set of specially crafted fragmented packets to cause the 'em' driver to become permanently blocked when trying to...

0.3 AI Score

0.014 EPSS

2014-10-14 12:00 AM
14
huawei

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...

1 AI Score

0.928 EPSS

2014-10-08 12:00 AM
37
nessus

CentOS 5 : krb5 (CESA-2014:1245)

Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...

-0.1 AI Score

0.936 EPSS

2014-10-01 12:00 AM
12
openvas

CentOS Update for krb5-devel CESA-2014:1245 centos5

The remote host is missing an update for...

6.7 AI Score

0.936 EPSS

2014-10-01 12:00 AM
9
centos

krb5 security update

CentOS Errata and Security Advisory CESA-2014:1245 Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain...

6.9 AI Score

0.936 EPSS

2014-09-30 11:21 AM
47
cve

CVE-2014-6800

The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6 AI Score

0.0005 EPSS

2014-09-29 01:55 AM
18
nvd

CVE-2014-6800

The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-09-29 01:55 AM
prion

Design/Logic Flaw

The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6.4 AI Score

0.0005 EPSS

2014-09-29 01:55 AM
4
cvelist

CVE-2014-6800

The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-09-29 01:00 AM
symantec

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability

Description GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98 ...

1.5 AI Score

0.976 EPSS

2014-09-24 12:00 AM
216
nessus

Oracle Linux 5 : krb5 (ELSA-2014-1245)

From Red Hat Security Advisory 2014:1245 : Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...

-0.2 AI Score

0.936 EPSS

2014-09-18 12:00 AM
17
oraclelinux

krb5 security and bug fix update

[1.6.1-78.el5] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121509) [1.6.1-77.el5] - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 [1.6.1-76.el5] - run the backported self-tests, such as they are, for...

1.3 AI Score

0.936 EPSS

2014-09-17 12:00 AM
14
openvas

RedHat Update for krb5 RHSA-2014:1245-01

The remote host is missing an update for...

6.7 AI Score

0.936 EPSS

2014-09-17 12:00 AM
7
redhat

(RHSA-2014:1245) Moderate: krb5 security and bug fix update

Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function...

6.8 AI Score

0.936 EPSS

2014-09-16 12:00 AM
18
nessus

RHEL 5 : krb5 (RHSA-2014:1245)

Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...

0.1 AI Score

0.936 EPSS

2014-09-16 12:00 AM
12
nvd

CVE-2014-5800

The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-09-09 10:55 AM
cve

CVE-2014-5800

The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6 AI Score

0.0005 EPSS

2014-09-09 10:55 AM
13
prion

Design/Logic Flaw

The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6.4 AI Score

0.0005 EPSS

2014-09-09 10:55 AM
2
cvelist

CVE-2014-5800

The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.9 AI Score

0.0005 EPSS

2014-09-09 10:00 AM
fedora

[SECURITY] Fedora 19 Update: krb5-1.11.3-25.fc19

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted...

3.1 AI Score

0.936 EPSS

2014-08-27 01:34 AM
8
openvas

Fedora Update for krb5 FEDORA-2014-9305

The remote host is missing an update for...

7.6 AI Score

0.936 EPSS

2014-08-27 12:00 AM
9
zdt

ManageEngine Password Manager MetadataServlet.dat SQL Injection Exploit

Exploit for multiple platform in category web...

0.1 AI Score

0.949 EPSS

2014-08-26 12:00 AM
34
seebug

7.1 AI Score

2014-08-26 12:00 AM
26
exploitpack

ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)

ManageEngine Password Manager - MetadataServlet.dat SQL Injection...

0.8 AI Score

2014-08-25 12:00 AM
21
metasploit

ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection

This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve...

8.8 AI Score

2014-08-22 04:44 PM
25
zdt

ManageEngine Password Manager MetadataServlet.dat SQL Injection Exploit

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to...

-0.2 AI Score

0.949 EPSS

2014-08-22 12:00 AM
38
packetstorm

0.9 AI Score

0.949 EPSS

2014-08-22 12:00 AM
31
Total number of security vulnerabilities: 1776