2160 matches found

CVE
added 2015/08/03 12:0 a.m. | 12403 views

CVE-2015-5600

Summary (CVE-2015-5600): The kbdint_next_device function in OpenSSH sshd up to version 6.9 fails to properly constrain keyboard-interactive device processing within a single connection, enabling remote brute-force attempts or a denial-of-service via a long/duplicative ssh -oKbdInteractiveDevices ...

8.5 CVSS | 5.6 AI score | 0.09302 EPSS
Exploits 1 | References 33 | Affected Software 1

Vulnrichment
added 2015/08/03 12:0 a.m. | 5 views

CVE-2015-5600

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

6.8 AI score | 0.09302 EPSS
Exploits 1 | References 33

OSV
added 2015/08/02 12:0 a.m. | 0 views

UBUNTU-CVE-2015-5600

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

8.1 CVSS | 6.7 AI score | 0.09302 EPSS
Exploits 1 | References 5

Fedora
added 2015/07/30 1:18 a.m. | 33 views

[SECURITY] Fedora 21 Update: ipython-2.4.1-7.fc21

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

8.8 CVSS | 0.8 AI score | 0.01201 EPSS
Exploits 1

Fedora
added 2015/07/30 12:46 a.m. | 41 views

[SECURITY] Fedora 22 Update: ipython-2.4.1-7.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

8.8 CVSS | 0.8 AI score | 0.01201 EPSS
Exploits 1

Mageia
added 2015/07/28 9:1 p.m. | 71 views

Updated openssh package fixes security vulnerability

The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker...

8.5 CVSS | 6.6 AI score | 0.09302 EPSS
Exploits 1 | References 2

ArchLinux
added 2015/07/23 12:0 a.m. | 116 views

openssh: authentication limits bypass

The OpenSSH server normally wouldn't allow successive authentications that exceed the MaxAuthTries setting in sshd_config, however when using kbd-interactive challenge-response authentication the allowed login retries can be extended limited only by the LoginGraceTime setting, that can be more tha...

8.5 CVSS | 2.3 AI score | 0.09302 EPSS
Exploits 1 | References 2

The Hacker News
added 2015/07/22 11:42 p.m. | 20 views

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems...

7.6 AI score
Exploits 0

Positive Technologies
added 2015/07/16 12:0 a.m. | 9 views

PT-2015-3444

Name of the Vulnerable Software and Affected Versions: OpenSSH versions through 6.9. Description: The issue is related to the kbdint_next_device function in the OpenSSH sshd service, which does not properly restrict the processing of keyboard-interactive devices within a single connection. This make...

8.5 CVSS | 7 AI score | 0.99506 EPSS
Exploits 75 | References 142

Kitploit
added 2015/06/18 4:39 p.m. | 24 views

Cheat - Create and view interactive cheatsheets on the command-line

cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. cheat depends only on python and pip. Example The next time you're...

7 AI score
Exploits 0 | References 2

CNVD
added 2015/06/02 12:0 a.m. | 2 views

SQL injection vulnerability in txtContent parameter in InteractiveCommunication/InterActiveIndex.aspx of Wave Government Service Platform

Wave software government system is an industry informatization application system built on the basis of cloud computing and big data. There is a SQL injection vulnerability in the txtContent parameter of the InteractiveCommunication/InterActiveIndex.aspx of the Wave government service platform,...

7.7 AI score
Exploits 0 | References 1

Metasploit
added 2015/06/01 3:11 p.m. | 23 views

Windows Interactive Powershell Session, Reverse TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...

7.4 AI score
Exploits 0

Metasploit
added 2015/06/01 3:11 p.m. | 26 views

Windows Interactive Powershell Session, Bind TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload run a powershell command module MetasploitModule...

Exploits 0

Fedora
added 2015/04/30 11:46 a.m. | 16 views

[SECURITY] Fedora 21 Update: mksh-50f-1.fc21

mksh is the MirBSD enhanced version of the Public Domain Korn shell (pdksh), a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

2.8 AI score
Exploits 0

Fedora
added 2015/04/30 11:37 a.m. | 14 views

[SECURITY] Fedora 20 Update: mksh-50f-1.fc20

mksh is the MirBSD enhanced version of the Public Domain Korn shell (pdksh), a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

2.8 AI score
Exploits 0

Metasploit
added 2015/04/25 3:49 p.m. | 27 views

Windows Interactive Powershell Session, Bind TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload to run a powershell command module MetasploitModule...

7 AI score
Exploits 0

Metasploit
added 2015/04/25 3:49 p.m. | 26 views

Windows Interactive Powershell Session, Reverse TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...

7.4 AI score
Exploits 0

Metasploit
added 2015/04/24 9:25 a.m. | 39 views

Windows Interactive Powershell Session, Bind TCP

Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...

7 AI score
Exploits 0

Fedora
added 2015/04/21 7:25 p.m. | 31 views

[SECURITY] Fedora 22 Update: jython-2.7-0.7.rc2.fc22

Jython is an implementation of the high-level, dynamic, object-oriented language Python seamlessly integrated with the Java platform. The predecessor to Jython, JPython, is certified as 100% Pure Java. Jython is freely available for both commercial and non-commercial use and is distributed with...

2.6 AI score
Exploits 1

Cisco
added 2015/04/14 9:23 p.m. | 35 views

Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability

A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...

5 CVSS | 7.5 AI score | 0.01893 EPSS
Exploits 0 | References 1