
1073 matches found

OSV
added 2013/10/09 10:27 p.m. · 4 views

MGASA-2013-0296 Updated ssmtp package fixes security vulnerability

It was reported that ssmtp, an extremely simple MTA to get mail off the system to a mail hub, did not perform x509 certificate validation when initiating a TLS connection to server. A rogue server could use this flaw to conduct man-in-the-middle attack, possibly leading to user credentials leak...

7.1 AI score
Exploits: 0 · References: 3
Tenable Nessus
added 2013/09/24 12:0 a.m. · 35 views

Cisco Unified IP Phones Multiple Vulnerabilities (cisco-sa-20110601-phone)

According to its self-reported version, the version of the Cisco Unified IP Phone software running on the remote device has the following vulnerabilities : - Cisco Unified IP Phones 7900 series are prone to privilege escalation vulnerabilities. An authenticated attacker could exploit this issue t...

6.6 CVSS · 5.6 AI score · 0.00271 EPSS
Exploits: 0 · References: 4
securityvulns
added 2013/08/12 12:0 a.m. · 116 views

SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness

SEC Consult Vulnerability Lab Security Advisory 20130805-0. title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...

Exploits: 0
ThreatPost
added 2013/08/06 1:14 p.m. · 12 views

Windows 8 Phone Authentication Protocol Weakness

Microsoft issued a security advisory on Sunday, warning of a potential data leakage issue for Windows Phone users connecting to Wi-Fi hotspots. Hackers love to set traps for wireless users promising free Wi-Fi in airports, restaurants and other public areas. Once a mobile device connects to the...

2.9 AI score
Exploits: 0 · References: 4
Positive Technologies
added 2013/04/12 12:0 a.m. · 6 views

PT-2013-2960 · Cisco · Cisco Firewall Services Module +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA devices affected versions not specified Cisco Firewall Services Module FWSM affected versions not specified Description: The Secure Shell SSH implementation does not properly terminate sessions, allowing...

5 CVSS · 6.5 AI score · 0.01233 EPSS
Exploits: 0 · References: 3
Amazon
added 2013/03/14 12:0 a.m. · 37 views

Medium: cups

Issue Overview: It was discovered that CUPS administrative users members of the SystemGroups groups who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary...

7.2 CVSS · 8.7 AI score · 0.02128 EPSS
Exploits: 2 · References: 1
Packet Storm
added 2013/02/04 12:0 a.m. · 15 views

D-Link DIR-300 Cross Site Scripting

Requirement 1. HTTPs Access to router 2. Ability to make configuration changes Access vector Remote Impact Persistent XSS / Script execution Vulnerable platform D-Link DIR-300 Firmware v1.3 Severity level High Steps to reproduce 1. Log in to D-link router. 2. Setup - LAN Setup - DHCP Client List ...

7.4 AI score
Exploits: 0
Opera Security Advisories
added 2012/12/17 12:0 a.m. · 6 views

Private data can be disclosed to other computer users, or be modified by them – Opera Security Advisories

Private data such as cache, password files, and Opera’s configuration files are supposed to be visible only to the user who owns the Opera profile. Opera does not set the profile folder permissions correctly, allowing other computer users to read the sensitive contents of profile files. In some...

5.8 AI score
Exploits: 0 · References: 1
exploitpack
added 2012/09/20 12:0 a.m. · 24 views

Thomson Wireless VoIP Cable Modem - Authentication Bypass

Thomson Wireless VoIP Cable Modem - Authentication Bypass Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other...

0.5 AI score
Exploits: 0
FreeBSD
added 2012/08/30 12:0 a.m. · 36 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...

5 CVSS · 6.4 AI score · 0.01741 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. · 18 views

Scientific Linux Security Update : ipa on SL6.x i386/x86_64

This Identity Management Application is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Upstream Directory Server, MIT Kerberos, the Upstream Certificate System, NTP, and DNS...

6.8 CVSS · 5.5 AI score · 0.0084 EPSS
Exploits: 0 · References: 2
Prion
added 2011/12/08 11:55 a.m. · 11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes...

6.8 CVSS · 7.5 AI score · 0.0084 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2011/12/08 11:0 a.m. · 57 views

CVE-2011-3636

CVE-2011-3636 describes a CSRF vulnerability in the FreeIPA management interface prior to 2.1.4. The flaw allows an attacker to hijack an administrator’s session and perform configuration-changing requests without authorization. Affected component: FreeIPA management UI. Root cause: CSRF in the w...

6.8 CVSS · 7 AI score · 0.0084 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
RedHat Linux
added 2011/12/05 8:19 p.m. · 1 views

FreeIPA: CSRF vulnerability

Cross-site request forgery CSRF vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes...

6.8 CVSS · 5.9 AI score · 0.0084 EPSS
Exploits: 0 · References: 4
CERT
added 2011/11/08 12:0 a.m. · 60 views

Dell KACE K2000 Appliance contains backdoor administrator account

Overview The Dell KACE K2000 System Deployment Appliance contains a hidden administrator account that could allow a remote attacker to take control of an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...

5 CVSS · 7.2 AI score · 0.01413 EPSS
Exploits: 0 · References: 1
OpenVAS
added 2011/09/23 12:0 a.m. · 46 views

CentOS Update for samba3x CESA-2011:1220 centos5 i386

Check for the Version of samba3x OpenVAS Vulnerability Test CentOS Update for samba3x CESA-2011:1220 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

6.8 CVSS · 5.6 AI score · 0.10046 EPSS
Exploits: 9 · References: 2
Tenable Nessus
added 2011/09/23 12:0 a.m. · 69 views

CentOS 5 : samba3x (CESA-2011:1220)

Updated samba3x packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

6.8 CVSS · 7.3 AI score · 0.10046 EPSS
Exploits: 9 · References: 9
Metasploit
added 2011/07/07 8:48 p.m. · 36 views

2Wire Cross-Site Request Forgery Password Reset Vulnerability

This module will reset the admin password on a 2Wire wireless router. This is done by using the /xslt page where authentication is not required, thus allowing configuration changes such as resetting the password as administrators. This module requires Metasploit: https://metasploit.com/download...

4.3 CVSS · 10 AI score · 0.09203 EPSS
Exploits: 2
securityvulns
added 2011/06/02 12:0 a.m. · 82 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series Advisory ID: cisco-sa-20110601-phone Revision 1.0 For Public Release 2011 June 1 1600 UTC GMT...

6.6 CVSS · 0.6 AI score · 0.00271 EPSS
Exploits: 0
securityvulns
added 2011/06/02 12:0 a.m. · 100 views

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Advisory ID: cisco-sa-20110601-cnr Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...

10 CVSS · 0.9 AI score · 0.03372 EPSS
Exploits: 1