1855 matches found
Troubleshooting Authentication Issue Through Netscaler when Using LDAP and RSA
Authentication fails when using Dual auth LDAP+RSA on NetScaler...
MGASA-2016-0280 Updated openssh packages fix security vulnerability
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
Theory PHP Common Vulnerabilities first bomb: installation problems-vulnerability warning-the black bar safety net
First get a copy of the source code, certainly is the first install, and the installation file will often appear problem. Generally the installation file after the installation is complete, basically not automatically delete the install file, I encountered will be automatically deleted if it...
SUSE-SU-2016:1343-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...
SUSE-SU-2016:0972-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...
MGASA-2016-0125 Updated pidgin-otr packages fix security vulnerability
The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog CVE-2015-8833...
Command Injection in Command Line Interface
Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level...
JVN#20246313: Cybozu Office vulnerable to denial-of-service (DoS)
Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the information...
SUSE-SU-2016:0347-1 Security update for curl
This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer bsc962983 The following non-security bugs were fixed: -...
CVE-2015-8748
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...
CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...
CURL-CVE-2016-0755 NTLM credentials not-checked for proxy connection reuse
libcurl reuses NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. libcurl maintains a pool of connections after a transfer has completed. The pool of connections is then gone through when a ne...
NetScaler Gateway Stuck at /cgi/login for a User of a Particular Group
After NetScaler Gateway authentication, logon page gets stuck at /cgi/login for a user of a particular group. Users of other groups have no issue...
JVN#56210048: Apple OS X authentication issue when recovering from sleep mode
Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Impact When Apple Remote Desktop is used in full screen mode and the remote connection is...
NetScaler Gateway Rejects RADIUS Accept Request
RADIUS authentication is configured on NetScaler Gateway. RADIUS accepts the authentication and sends the correct message however NetScaler rejects the authentication. The RADIUS log files show that the authentication is accepted. The network trace shows that a message is sent from RADIUS server...
MGASA-2015-0295 Updated openssh package fixes security vulnerability
The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used the default configuration in Mageia, can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker...
Code injection
unattended-upgrades before 0.86.1 does not properly authenticate packages when the 1 force-confold or 2 force-confnew dpkg options are enabled in the DPkg::Options:: apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors...
UBUNTU-CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket...
CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
MGASA-2015-0065 Updated rsync package fixes security vulnerability
Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption CVE-2014-2855. The...