5452 matches found
Solaris Update for Native LDAP, PAM, name-service-switch 138874-05
Check for the Version of Native LDAP, PAM, name-service-switch OpenVAS Vulnerability Test Solaris Update for Native LDAP, PAM, name-service-switch 138874-05 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
DEBIAN-CVE-2009-3564
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files...
[SECURITY] Fedora 10 Update: kdebase-workspace-4.3.1-1.fc10
The KDE Workspace consists of what is the desktop of the KDE Desktop Environment. This package contains: khotkeys a hotkey daemon klipper a cut & paste history utility kmenuedit the menu editor krandrtray resize and rotate X screens krunner a command run interface ksysguard a performance monitor...
cman security, bug fix, and enhancement update
2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has been fixed - RSA II fencing agent has been fixed. - Resolves: rhbz493802 rhbz514758 2.0.113-1 - Limitations with 2-node fencescsi are now properly...
Alex Howard on Compliance, Breach Notification and the Rockefeller Bill
Dennis Fisher talks with Alex Howard, associate editor of Searchcompliance.com, about the burden compliance places on security staffs, the growing tide of breach notification laws and the misunderstandings surrounding the Rockefeller bill and the Internet kill switch. Download Subscribe to the...
3Com SuperStack Switch Denial of Service
This module causes a temporary denial of service condition against 3Com SuperStack switches. By sending excessive data to the HTTP Management interface, the switch stops responding temporarily. The device does not reset. Tested successfully against a 3300SM firmware v2.66. Reported to affect...
CVE-2009-1474
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not 1 encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not 2 s...
CVE-2009-1473
The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...
Input validation
The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...
Hardcoded credentials
The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from...
Hardcoded credentials
The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to 1 execute arbitrary Java code, or 2 gain access to machines connected to...
CVE-2009-1473
The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...
CVE-2009-1474
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not 1 encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not 2 s...
CVE-2009-1474
The CVE-2009-1474 issue affects ATEN KH1516i (firmware 1.0.063) and KN9116 (firmware 1.1.104). It states that mouse events are not encrypted and the session cookie is not marked Secure in HTTPS, enabling potential man-in-the-middle abuse and cookie interception over HTTP. Connected sources confir...
CVE-2009-1473
The CVE-2009-1473 entry affects ATEN KH1516i (firmware 1.0.063) and KN9116 (firmware 1.1.104). The root cause is an insecure RSA-based handling of the symmetric session-key negotiation in the Windows/Java clients, enabling a remote attacker to decrypt traffic or perform MITM by replaying client-s...
CVE-2009-1472
Affected products: ATEN KH1516i IP KVM Switch (browser firmware 1.0.063) and ATEN KN9116 IP KVM Switch (firmware 1.1.104). Vulnerability summary: The Java client program used to connect to these switches contains a hardcoded AES encryption key in the client, enabling a man-in-the-middle attacker ...
Sendmail / Sendmail Switch / SMI Sendmail / Sendmail UCB SMTP Server Detection (SMTP)
SMTP based detection of Sendmail / Sendmail Switch / SMI Sendmail / Sendmail UCB. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Update for kernel MDKSA-2007:171 (kernel)
Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDKSA-2007:171 kernel Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
kernel security and bug fix update
2.6.18-128.1.6.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki,Guru Anbalagane orabug 6045759 - MM shrink zone patch John Sobecki,Chris Mason orabug 6086839 - NET Add xen pv/bonding netconsole support Tina yang orabug 6993043 bz 7258 - nfs convert ENETUNREACH to ENOTCONN Guru...
CVE-2009-1064
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method...