296 matches found
CVE-2013-4096
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...
Information disclosure
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message...
Authentication flaw
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...
CVE-2013-4097
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message...
CVE-2013-4098
The CVE-2013-4098 entry concerns DS3 Authentication Server, where ServerAdmin/ErrorViewer.jsp accepts a message parameter that can be used to inject arbitrary error-page text. The public descriptions (NVD, Red Hat, CVE record) repeat this flaw, and an OpenVAS plugin notes DS3 has multiple vulnera...
CVE-2013-4096
The CVE-2013-4096 issue affects the DS3 Authentication Server’s ServerAdmin/TestTelnetConnection.jsp where remote authenticated users can execute arbitrary commands by injecting shell metacharacters into HOST_NAME. The NVD entry documents a high impact (CVSSv2 9.0, network access, no authenticati...
CVE-2013-4098
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter...
CVE-2013-4096
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...
CVE-2013-4097
DS3 Authentication Server is affected by an information disclosure vulnerability. The issue occurs in ServerAdmin/TestDRConnection.jsp where remote attackers can obtain sensitive information via a direct request, revealing the installation path in a -REG-E-OPEN error message. The CVE record is cor...
DS3 Authentication Server - Multiple Vulnerabilities
Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt =============================== - Advisory - =============================== Title: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date: 27.May.2013 Author: Pedro Andujar .:...
DS3 Authentication Server Multiple Vulnerabilities
DS3 Authentication Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DS3 Authentication Server multiple security vulnerabilities
Multiple web interface security vulnerabilities...
CVE-2013-0514: IBM Sterling External Authentication Server information disclosure
IBM Sterling External Authentication Server (SEAS) is affected by CVE-2013-0514 (information disclosure on error) and CVE-2013-0517 (OS command execution). The 0514 issue can leak product details during error handling; 0517 enables a local attacker with admin access to execute arbitrary OS comman...
Server: Multiple CSRF vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to hijack the authentication for users via the "lat" and "lng" POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...
FreeBSD Ports: FreeBSD
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for hostapd FEDORA-2012-15759
Check for the Version of hostapd OpenVAS Vulnerability Test Fedora Update for hostapd FEDORA-2012-15759 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 17 Update: hostapd-0.7.3-10.fc17
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the background and acts as the backe...
CVE-2012-4445
CVE-2012-4445 describes a heap-based buffer overflow in the hostapd EAP-TLS implementation (eap_server_tls_process_fragment) when processing a fragmented TLS message with a small TLS Message Length, allowing a remote attacker to trigger a denial of service. Affected are hostapd releases 0.6 throu...
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Issued: April 26, 2011 CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist...
CVE-2008-0887
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...