Microsoft SharePoint SSI / ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...
OPENSUSE-SU-2020:1687-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - pdns-recursor was updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation boo1177383 - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302...
CVE-2020-10123
The currency dispenser of NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root...
Security Bulletin: Multiple vulnerabilities in NTP, OpenSSL and GNU glibc affect IBM Netezza Host Management
Summary NTP, OpenSSL, GNU glibc and Libreswan are used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-1799 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd is vulnerable to a denial of service, caus...
Authentication flaw
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy BLE traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This...
CVE-2019-10150
OpenShift Container Platform versions 3.6.x–4.6.0 fail to verify SSH host keys when using SSH key authentication during builds, allowing a network-adversary who can redirect traffic to alter build outputs (CVE-2019-10150). Affected product: OpenShift Container Platform. Root cause: builds do not ...
EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)
According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause...
openSUSE Security Update : libssh2_org (openSUSE-2019-1290)
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 This update was imported from the SUSE:SLE-12:Update update project.
OPENSUSE-SU-2019:1291-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 This update was imported from the SUSE:SLE-15:Update update project...
SUSE SLES11 Security Update : libssh2_org (SUSE-SU-2019:14031-1)
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 - Store but don't use keys of unsupported types in the knownhosts file bsc1091236 Note that Tenable Network Security has extracted the preceding...
SUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:1060-1)
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempte...
Security update for libssh2_org (important)
openSUSE Security Update: Security update for libssh2_org Announcement ID: openSUSE-SU-2019:1291-1 Rating: important References: 1130103 1133528 Cross-References: CVE-2019-3859 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now available...
openSUSE Security Update : libssh2_org (openSUSE-2019-1291)
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 This update was imported from the SUSE:SLE-15:Update update project.
SUSE-SU-2019:14032-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103...
SUSE-SU-2019:1060-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103...
SUSE-SU-2019:1059-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103...
SUSE-SU-2019:14031-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication bsc1133528, bsc1130103 - Store but don't use keys of unsupported types in the knownhosts file bsc1091236...
"netScalerLoginFailure" SNMP trap received and log messages appear in /var/log/ns.log on NetScaler when logging in using SSH key-based authentication
When SSH key-based authentication is being used, each time a user logs in and authentication is performed using the SSH key pair, the following symptoms may be observed: The following messages are seen in /var/log/ns.log Mar 12 12:16:48 10.10.10.10 03/12/2019:12:16:48 GMT NetScaler 0-PPE-2 : defau...
How to Secure SSH Access to the NetScaler Appliance with Public Key Authentication
This article contains information about securing administrative access to the NetScaler appliance by using the public key authentication mechanism of Secure Shell SSH. Requirements To complete the procedure in this document, the NetScaler appliance must have the following tools: An SSH client...