426 matches found
UBUNTU-CVE-2015-6564
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request...
USN-2710-2 openssh regression
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled...
Drupal Shibboleth authentication module cross-site scripting vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. Shibboleth Authentication is one of its modules for user login and access authentication. A cross-site scripting vulnerability exists in the Drupal Shibboleth authentication...
Vulnerabilities in the openSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the pam package of the openSUSE operating system; exploiting these vulnerabilities can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally...
Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the pam package of the Debian GNU/Linux operating system can be exploited, leading to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by local malicious actors...
DEBIAN-CVE-2014-2830
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors...
TIBCO Spotfire Analytics Server Authentication Module Unspecified Information Disclosure
The remote host is running a version of TIBCO Spotfire Analytics Server that is affected by an information disclosure vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to access sensitive information by sending a specially...
TIBCO Spotfire Server Authentication Module Unspecified Remote Code Execution
The remote host is running a version of TIBCO Spotfire Server that is affected by a remote code execution vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to execute arbitrary code on the remote host, subject to the privileges...
TIBCO Spotfire Server Authentication Module Unspecified Privilege Escalation
The remote host is running a version of TIBCO Spotfire Server that is affected by a privilege escalation vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to access sensitive information and modify data.
Authentication flaw
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
CVE-2014-5285
CVE-2014-5285 affects the Authentication Module of TIBCO Spotfire Server prior to specific versions: 4.5.2, 5.0.x prior to 5.0.3, 5.5.x prior to 5.5.2, 6.0.x prior to 6.0.3, and 6.5.x prior to 6.5.1. The issue is described as an unspecified flaw in the Authentication Module that enables remote at...
CVE-2014-2544
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x befor...
PAM S/Key: Information disclosure
Background: PAM S/Key is a pluggable authentication module for the OpenBSD Single-key Password system. Description: Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove credentials provided by the user from memory. Impact: A local attacker with privileged access could inspect a...
DEBIAN-CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-4494
The CVE-2012-4494 issue affects the Drupal Shibboleth authentication module (7.x-4.0). The vulnerability arises because the module does not properly verify the active status of users, allowing remote blocked users to bypass intended access restrictions by logging in. This is supported by multiple...
Fedora Update for pam_yubico FEDORA-2011-15580
Check for the Version of pam_yubico. OpenVAS Vulnerability Test: Fedora Update for pam_yubico FEDORA-2011-15580. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
Debian: Security Advisory (DSA-2279-1)
The remote host is missing an update for the Debian...
DSA-2279-1 libapache2-mod-authnz-external - SQL injection
Bulletin has no description...
DSA-1978-1 phpgroupware - several vulnerabilities
Bulletin has no description...
CVE-2009-4527
CVE-2009-4527 concerns the Drupal Shibboleth authentication module. The affected components are Shibboleth module versions 5.x before 5.x-3.4 and 6.x before 6.x-3.2. The root cause is that statically granted privileges are not properly removed after a logout or session change, allowing physically...