247 matches found
Amazon Linux AMI : openssh (ALAS-2015-592)
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
Medium: openssh
Issue Overview: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid ...
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
CVE-2015-6563
CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
The version of Forefront Unified Access Gateway UAG running on the remote host has multiple vulnerabilities in the Web Monitor component : - An HTTP response splitting vulnerability in ExcelTable.asp. CVE-2011-1895 - A reflected XSS in ExcelTable.asp. CVE-2011-1896 - A reflected XSS in Default.as...