70 matches found
CVE-2017-1779
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824...
CVE-2017-1779
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824...
CVE-2017-1779
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824...
RedSnarf - A Pen-Testing / Red-Teaming Tool For Windows Environments
RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: Retrieval of local SAM hashes Enumeration of user/s running with elevated syste...
The vulnerability of Apache Subversion software allows a malicious intruder to compromise the confidentiality and integrity of protected information.
Vulnerability exists in Apache Subversion due to the storage of cached user credentials, based on MD5 hashes of URL addresses and authentication realms. Exploiting this vulnerability allows remote servers to gain access to user credentials by using a specially crafted authentication realm...
Mandriva Linux Security Advisory : subversion (MDVSA-2015:085)
Updated subversion packages fix security vulnerabilities : The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via an OPTIONS request CVE-2014-0032. Ben Reser discovered that Subversion did not...
Moderate: Red Hat Security Advisory: subversion security update
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
Apache Subversion 1.0.x - 1.7.17 / 1.8.x < 1.8.10 Multiple Vulnerabilities
The version of Subversion Server installed on the remote host is version 1.x.x prior to 1.7.18 or 1.8.x prior to 1.8.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Serf RA layer. This flaw causes wildcards for HTTPS connections to be improperly evaluated,...
[USN-2316-1] Subversion vulnerabilities
========================================================================== Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
MGASA-2014-0339 Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...
MGASA-2014-0338 Updated subversion packages fix CVE-2014-3528
Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...
Updated subversion packages fix CVE-2014-3528
Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server CVE-2014-3528. The subversion package has been patched t...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
Authentication flaw
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
Ubuntu 14.04 LTS : Subversion vulnerabilities (USN-2316-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2316-1 advisory. Lieven Govaerts discovered that the Subversion moddavsvn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote...
USN-2316-1 subversion vulnerabilities
Lieven Govaerts discovered that the Subversion moddavsvn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS...
USN-2316-1: Subversion vulnerabilities
Lieven Govaerts discovered that the Subversion moddavsvn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS...
subversion -- several vulnerabilities
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...