138 matches found
EUVD-2013-3208
Malware in sbrugna...
EUVD-2005-1121
Malware in sbrugna...
CVE-2013-0931
EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration...
CVE-2013-0942
Cross-site scripting XSS vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-3280
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash...
CVE-2013-3271
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack...
CVE-2023-40519
A cross-site scripting XSS vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575ee9195b0, 01.01.01.30097902fd999e76, and 00.12.01.95655881254b459 allows remote attackers to inject arbitrary web script or HTML v...
Cisco Duo 安全漏洞
Cisco Duo is a fully managed solution from Cisco, Inc. providing secure access to your applications and data. A security vulnerability exists in Cisco Duo that stems from a flaw in the logging component of the authentication agent that could allow an authenticated, remote attacker to view sensiti...
[SECURITY] Fedora 37 Update: polkit-kde-5.27.1-1.fc37
Provides Policy Kit Authentication Agent that nicely fits to KDE...
K56231955: RSA Authentication Agent vulnerabilities CVE-2018-1232, CVE-2018-1233, and CVE-2018-1234
Security Advisory Description CVE-2018-1232 RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit...
SUSE CVE-2015-3218
The authenticationagentnew function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit aka polkit before 0.113 allows local users to cause a denial of service NULL pointer dereference and polkitd daemon crash by calling RegisterAuthenticationAgent with an invalid object path...
SUSE CVE-2015-4625
Integer overflow in the authenticationagentnewcookie function in PolicyKit aka polkit before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value...
SUSE CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploitation Authentication Agent ====...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploit Authentication Agent ====...
CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...
Fedora: Security Advisory for polkit-kde (FEDORA-2021-85c9774673)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gvfs Vulnerability (NS-SA-2019-0224)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users...
gvfs security and bug fix update
1.36.2-3 - Force NT1 protocol version for workgroup support 1619719 1.36.2-2 - Prevent spawning new daemons if outgoing operation exists 1632960 - CVE-2019-3827: Prevent access if any authentication agent isnt available 1673887...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...