Lucene search
K

38 matches found

OpenVAS
OpenVAS
added 2013/12/30 12:0 a.m.21 views

openSUSE: Security Advisory for Fixes (openSUSE-SU-2013:1954-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS5.2AI score0.00481EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2013/12/25 6:10 p.m.30 views

Fixes a local vulnerability (important)

Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...

7.2CVSS1.1AI score0.00481EPSS
Exploits1References1
NVD
NVD
added 2013/12/23 11:55 p.m.26 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

7.2CVSS6.3AI score0.00481EPSS
Exploits1References7
Prion
Prion
added 2013/12/23 11:55 p.m.12 views

Design/Logic Flaw

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

7.2CVSS6.9AI score0.00481EPSS
Exploits1References7Affected Software3
Cvelist
Cvelist
added 2013/12/23 11:0 p.m.31 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

6.2AI score0.00481EPSS
Exploits1References7
CVE
CVE
added 2013/12/23 11:0 p.m.58 views

CVE-2013-3709

CVE-2013-3709 affects WebYaST 1.3 where the config/initializers/secret_token.rb file has weak permissions, allowing a local attacker to read the Rails secret token and potentially forge session cookies. SUSE/openSUSE advisories (openSUSE-SU-2013:1952/1954/1961) patch this by making secret_token.r...

7.2CVSS6.3AI score0.00481EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2013/12/02 4:20 p.m.6 views

SUSE-RU-2015:0793-1 Security update for webyast

The following security issue has been fixed: CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution. This vulnerability was reported by joernchen of Phenoelit. Security Issue reference: CVE-2013-3709...

7.2CVSS6.5AI score0.00481EPSS
Exploits1References4
Prion
Prion
added 2013/01/26 9:55 p.m.16 views

Design/Logic Flaw

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

5.8CVSS7AI score0.02081EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2013/01/26 9:55 p.m.27 views

CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

5.8CVSS6.4AI score0.02081EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/01/26 9:0 p.m.27 views

CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

6.4AI score0.02081EPSS
Exploits0References4
CVE
CVE
added 2013/01/26 9:0 p.m.60 views

CVE-2012-0435

CVE-2012-0435 affects SUSE WebYaST prior to 1.2 0.2.63-0.6.1. A remote attacker can modify the hosts list via a crafted /host request on TCP port 4984, enabling a man-in-the-middle attack against WebYaST. The root cause is the insecure handling of the hosts list, allowing unauthenticated modifica...

5.8CVSS6.7AI score0.02081EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.24 views

WebYaST Host Modification MiTM

The WebYaST web client hosted on the remote web server is vulnerable to a man-in-the-middle attack. Authentication is not required to modify which hosts the WebYaST web client is configured to connect to. A remote, unauthenticated attacker could exploit this by causing all WebYaST traffic to be...

5.8CVSS5.6AI score0.02081EPSS
Exploits0References5
CERT
CERT
added 2013/01/25 12:0 a.m.30 views

SUSE WebYaST remotely accessible hosts list vulnerability

Overview The WebYaST hosts list is remotely accessible by unauthenticated attackers. An attacker may be able to add a malicious host to the list and perform a man-in-the-middle attack against WebYaST. Description The SUSE security advisory states:The hosts list used by WebYaST for connecting to...

5.8CVSS6.4AI score0.02081EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/11/19 12:0 a.m.23 views

WebYaST Web Client Detection

WebYaST web client, a web interface for YaST, was detected on the remote host. YaST is used for administration of hosts running SUSE Linux operating systems. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62966; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22";...

5.4AI score
Exploits0References1
NVD
NVD
added 2010/09/03 8:0 p.m.14 views

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

5CVSS6.6AI score0.02121EPSS
Exploits0References5
Prion
Prion
added 2010/09/03 8:0 p.m.15 views

Code injection

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

5CVSS7.1AI score0.02121EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2010/09/03 7:0 p.m.17 views

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

6.6AI score0.02121EPSS
Exploits0References5
CVE
CVE
added 2010/09/03 7:0 p.m.53 views

CVE-2010-1507

Vulnerability CVE-2010-1507 affects WebYaST in the yast2-webclient of SUSE Linux Enterprise 11 on the WebYaST appliance. The root cause is a fixed secret key embedded in the appliance image, which enables remote attackers to spoof session cookies by exploiting knowledge of this key. Publicly know...

5CVSS6.8AI score0.02121EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder