362 matches found
Redis unauthorized access can lead to remote access to server permissions - bug warning - the black bar safety net
Recently, the Rubik's Cube security team detected, while monitoring, a new type of attack against Redis unauthorized access that, under certain conditions, may allow the server to be compromised remotely. The Rubik's Cube Safety team promptly researched the attacks and assessed the threat, and by the cu...
OpenSSH -- PermitRootLogin may allow password connections with 'without-password'
OpenSSH 7.0 contained a logic error in PermitRootLogin=prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas...
[SECURITY] [DSA 3192-1] checkpw security update
Debian Security Advisory DSA-3192-1, http://www.debian.org/security/, Salvatore Bonaccorso, March 17, 2015, http://www.debian.org/security/faq ...
checkpw vulnerable to denial-of-service (DoS)
Overview: checkpw is a password authentication program. checkpw contains a denial-of-service (DoS) vulnerability due to a flaw in processing account names (CWE-400). Hiroya Ito of GMO Pepabo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Juniper Junos JPPP Daemon Remote Denial of Service Vulnerability
Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A vulnerability in the Juniper Networks JUNOS PPP backend program, when PPP authentication is in use, allows an attacker to use specially crafted PAP authentication requests to exploit the...
[SECURITY] Fedora 19 Update: curl-7.29.0-27.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Apache Tomcat Manager Application Deployer Authenticated Code Execution
No description provided by source. $Id: tomcatmgrdeploy.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
MDaemon SMTP Server 5.0.5 Null Password Authentication Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password, to access the MDaemon...
[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2013-5163
Apple Mac OS X: CVE-2013-5163 describes a vulnerability in Directory Services prior to OS X 10.8.5 Supplemental Update that allows a local user to bypass password validation and modify Directory Services records via unspecified vectors. The issue stems from a logic/credential verification flaw an...
WordPress Backupbuddy Multiple Vulnerabilities
The WordPress plugin...
CVE-2012-6440
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell...
CVE-2012-6440 Rockwell Automation ControlLogix PLC Improper Input Validation
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell...
CVE-2012-6440
CVE-2012-6440 affects Rockwell Automation EtherNet/IP products (e.g., 1756-ENBT/EWEB, 1768-ENBT/EWEB, CompactLogix L32E/L35E, 1788-ENBT, 1794-AENTR, MicroLogix 1100/1400, and pre‑20x controllers). The vulnerability arises from the Web server password authentication mechanism, enabling MitM and Re...
Authentication flaw
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session...
CVE-2012-5975
CVE-2012-5975 affects SSH Tectia Server on UNIX/Linux: versions 6.0.4–6.0.20, 6.1.0–6.1.12, 6.2.0–6.2.5, and 6.3.0–6.3.2 are vulnerable when old-style password authentication is enabled. A crafted session can bypass authentication by exploiting SSH2_USERAUTH_CHANGE REQUEST via a blank password, d...
Ubuntu: Security Advisory (USN-1467-1)
The remote host is missing an update for the...
[USN-1467-1] MySQL vulnerabilities
Ubuntu Security Notice USN-1467-1, June 11, 2012. mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities. A security issue affects these...
Apple Ships Mammoth Security Update for OS X
Apple released OS X Lion v10.7.2 yesterday along with an absolutely enormous security update that patches some 80 bugs in the various iterations of Apple’s operating system. One of the patches fixes a highly critical vulnerability that enables an attacker to run code on a remote machine with a...