139 matches found
Enabling Save Passwords option with Receiver for iOS and Storefront
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. For Storefront Direct Connections, password saving is not available for Receiver for iOS and end...
Stack overflow
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authenticatio...
Google Simplifies Two-Step Verification
Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services. Making users drink from that pond, however, has been a different story. Simplifying the process of using the second form of authentication, most...
IRS Reinstates Get Transcript Service Following Hack
The Internal Revenue Service has reinstated its Get Transcript service, more than a year after hackers managed to manipulate settings in the system in order to steal information on more than 720,000 U.S. taxpayers. The IRS suspended the service – which gives citizens a way to look up line-by-line...
The vulnerability of the SAP HANA database management system allows a hacker to execute arbitrary code.
The vulnerability of the SAP HANA database management system’s SQL interface exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the SQL server authentication process...
Simple PHP Agenda Request Forgery Vulnerability
Simple PHP Agenda is a PHP, MYSQL based meeting schedule management tool. A request forgery vulnerability exists in Simple PHP Agenda auth/process.php, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the...
Intuit Suspends Turbo Tax, Investigating Fraudulent Returns
UPDATE: This story has been updated with commentary from Intuit. Intuit last Thursday suspended its Turbo Tax e-filing service after a dramatic increase in suspicious filings and criminal attempts to leverage stolen identities in order to claim tax refunds. Intuit has since restored Turbo Tax and...
RealVNC Authentication Bypass
No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
Cerberus FTP Server 1.x Buffer Overflow DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2901/info Cerberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems. There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. ...
CVE-2010-5290
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different...
Design/Logic Flaw
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different...
Vino VNC Server 3.7.3 - Persistent Denial of Service
Trustwave SpiderLabs Security Advisory TWSL2013-028: Persistent Denial of Service Vulnerability in Vino VNC Server Published: 09/16/13 Version: 1.0 Vendor: The GNOME Project https://wiki.gnome.org/Vino Product: Vino VNC Server Version affected: Vino VNC Server 3.7.3 and earlier versions 3.8 stabl...
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking
There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user...
Looking to Bolster Security, Dropbox Adds Two-Factor Authentication
Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently...
JAKCMS <= v2.01 Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python JAKCMS query$sql; if $jakdb-affectedrows 0 $row = $result-fetchassoc; $SESSION'JAKLoggedIn' = true; Additionally, functionality in the backend, allows...
IBM WebSphere Application Server Buffer Overflow (CVE-2005-1872)
The IBM WebSphere Application Server is a Java 2 Enterprise Edition (J2EE) and Web Services-based application server. The software is made available for various vendor operating systems. There exists a buffer overflow vulnerability in IBM's WebSphere Application Server. The vulnerability is caused ...
CA Multiple Products Console Server Login Handling Buffer Overflow (CVE-2007-2522)
CA (Computer Associates) provides a group of products intended for enhancing the security of enterprise as well as individual clients. Main series of these products were formerly known as CA eTrust products. The following is a brief list of major products in this group: CA Anti-Virus for the...
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
This host is missing a critical security update according to Microsoft Bulletin MS09-059. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
This host is missing a critical security update according to Microsoft Bulletin MS09-059. OpenVAS Vulnerability Test $Id: secpodms09-059.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft Windows LSASS Denial of Service Vulnerability 975467 Authors: Sharath S Updated By: Madhuri D on 2010-11-24 ...
ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service
ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credential...