80 matches found
AWS OpenVPN Deployment Tool: AutoVPN
AWS OpenVPN Deployment Tool. Dependencies: boto and paramiko Python packages and an AWS .credentials file on the system. 1. Clone repo to system. 2. Execute autovpn with the -C, -k and -r options to deploy to AWS: ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...
Design/Logic Flaw
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file...
CVE-2015-1776
The CVE-2015-1776 issue affects Apache Hadoop 2.6.x where, when the Intermediate data encryption feature is enabled, intermediate data and the encryption key are stored together in a credentials file on disk. This design allows local users to read sensitive information from the credentials file, ...
CVE-2015-3939
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file...
Directory traversal
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file...
CVE-2015-3939
CVE-2015-3939 describes a directory traversal vulnerability in the NC854 and NC856 modules of the IDS RTU 850C devices. The root cause is improper path handling in an internal web server, allowing remote authenticated users to read arbitrary files (demonstrated by TELNET credentials). Affected pr...
GLSA-201206-22 : Samba: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201206-22 (Samba: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly execute arbitrary code wit...
Nmap NSE net: vnc-brute
Performs brute force password auditing against VNC servers. SYNTAX: brute.firstonly: stop guessing after first password is found (default: false); brute.unique: make sure that each password is only guessed once (default: true); brute.retries: the number of times to retry if recoverable failures occur...
rhn-client-tools: authorized information disclosure
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security...
Mandriva Security Advisory MDVSA-2009:320 (samba)
The remote host is missing an update to samba announced via advisory MDVSA-2009:320. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
samba: information disclosure in suid mount.cifs
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the...
Mandrake Security Advisory MDVSA-2009:277 (samba)
The remote host is missing an update to samba announced via advisory MDVSA-2009:277. OpenVAS Vulnerability Test $Id: mdksa2009277.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:277 (samba). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...
Mandrake Security Advisory MDVSA-2009:277 (samba)
The remote host is missing an update to samba announced via advisory MDVSA-2009:277. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandriva Linux Security Advisory : samba (MDVSA-2009:277)
Multiple vulnerabilities have been found and corrected in samba: The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and...
DEBIAN-CVE-2009-2948
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the...
CVE-2009-2948
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. (CVE-2009-2813) Tim Prouty discovered that the smbd daemon in Samba...
Information disclosure by setuid mount.cifs
Description: The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges...