TencentOS Server 4: pam (TSSA-2024:1020)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1020 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2024-10963
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
PT-2024-16667
Name of the Vulnerable Software and Affected Versions: pam_access (affected versions not specified); Red Hat Nan (affected versions not specified). Description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This issue allows attackers t...
CVE-2000-0234
CVE-2000-0234 affects the Cobalt RaQ2 and RaQ3 appliances via the default access.conf configuration, which permits remote attackers to view the contents of a ".htaccess" file. The root cause is the default configuration allowing this exposure, leading to partial confidentiality impact. The connec...
Cobalt apache configuration exposes .htaccess
Following some discussion on the cobalt-users list, it seems that this problem affects both the Raq2 and Raq3. It likely affects other cobalt products, but I haven't confirmed it. I verified this on my Raq2. By default, raq-hosted sites expose .htaccess files to the world. The configuration files...