DEBIAN-CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

kdump information disclosure vulnerability

kdump is a kernel crash dump functionality component used in the Linux kernel based on kexec. A security vulnerability exists in versions of kdump prior to 2012-01-20, which stems from the program's lack of host key authentication. A remote attacker can exploit this vulnerability to impersonate t...

How to use Struts2 vulnerabilities to bypass firewall get Root permissions-bug warning-the black bar safety net

This article I want to share is about the Apache struts2 CVE-2013–2251 vulnerability, since the vulnerability can lead to remote code execution, had once been widely abused. The vulnerability principle is that, by manipulating the prefix“action:”/”redirect:”/”redirectAction:”parameter in the Stru...

NetScaler 10.1, 10.5, 11.0, 11.1 and 12.0 Builds Temporarily Offline

Citrix SD-WAN, formerly NetScaler SD-WAN UPDATE: New builds are now available. Please seehttps://support.citrix.com/article/CTX227928 for more information. Original article text: Due to an issue found in the builds, NetScaler 10.1, 10.5, 11.0, 11.1 and 12.0 builds are not available for download...

ntp: missing key check allows impersonation between authenticated peers (VU#357792)

A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client A could use this flaw to modify a packet sent between a server B and a client C using a key that is different from the one known to the client A...

Moderate: Red Hat Security Advisory: ntp security and bug fix update

An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability

A vulnerability in the SSH version 2 SSHv2 protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...

CVE-2016-1335

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previous...

CVE-2016-1335

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previous...

AIX 6.1 TL 9 : ntp (IV73783)

Network Time Protocol NTP Project NTP daemon ntpd is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. %NASLMINLEVEL...

AIX 7.1 TL 2 : ntp (IV74262)

Network Time Protocol NTP Project NTP daemon ntpd is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. %NASLMINLEVEL...

AIX 6.1 TL 6 : ntp4 (IV71094)

https://vulners.com/cve/CVE-2014-9297 Network Time Protocol NTP Project NTP daemon ntpd could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further...

AIX 7.1 TL 0 : ntp4 (IV71096)

https://vulners.com/cve/CVE-2014-9297 Network Time Protocol NTP Project NTP daemon ntpd could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further...

Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS

IBM SECURITY ADVISORY First Issued: Mon Jun 29 10:00:16 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/ntp4advisory.asc https://aix.software.ibm.com/aix/efixes/security/ntp4advisory.asc...

Retrospect Backup Client uses weak password hashing

Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...

UBUNTU-CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...

SmarTTY - Multi-tabbed SSH Client with SCP Support

SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on-the-fly and editing files in-place. One SSH session - multiple tabs Most SSH servers support up to 10 sub-sessions per connection. SmarTTY makes the best of it: no annoying multiple windows, no need ...

NTP MAC Spoofing Vulnerability

NTP Network Time Protocol is a protocol used by clients to synchronize the date and time with a time server. A MAC spoofing vulnerability exists in NTP. Due to NTP4 installation using symmetric key authentication when the unauthenticated code MAC is received. Allows an attacker to exploit the...

NTP ntpd Denial of Service Vulnerability

NTP Network Time Protocol is a protocol used by clients to synchronize the date and time with a time server. A denial of service vulnerability exists in NTP ntpd due to inconsistencies in packets received by NTP4 installations using symmetric key authentication. An attacker is allowed to exploit...

SSH Username Enumeration

This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed corrupted SSHMSGUSERAUTHREQUEST packet using public key authentication must be enabled to enumerate users. On some versions of OpenSSH under some configurations,...