820 matches found
openSUSE Security Update : exim (openSUSE-2016-326)
This update to exim 4.86.2 fixes the following issues : - CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perlstartup' boo968844 Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling othe...
MePIN Secure Authenticator - Customized SSL, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application MePIN Secure Authenticator published at the 'play' market has multiple vulnerabilities...
[SECURITY] Fedora 22 Update: wpa_supplicant-2.4-7.fc22
wpasupplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
[SECURITY] Fedora 23 Update: wpa_supplicant-2.4-6.fc23
wpasupplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
Apple Mac OSX 10.7.510.8.210.9.510.10.2 - Rootpipe Local Privilege Escalation
Apple Mac OSX 10.7.510.8.210.9.510.10.2 - Rootpipe Local Privilege Escalation PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from...
Secure Computing e.iD Authenticator for Palm 2.0 PIN Brute-Force Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the sceiddb.pdb file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a syste...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 Authentication Failure
No description provided by source. source: http://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external...
CVE-2013-4177
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
CVE-2013-4178
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
Default credentials
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
Authentication flaw
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
CVE-2013-4178
CVE-2013-4178 affects the Google Authenticator login module for Drupal (6.x-1.x prior to 6.x-1.2; 7.x-1.x prior to 7.x-1.4). The issue allows remote attackers to gain access by replaying a login request containing username, password, and OTP. Affected versions are explicit; Drupal core is not aff...
CVE-2013-4177
The CVE-2013-4177 entry refers to the Drupal Google Authenticator login module (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4). The underlying issue is that the module does not properly identify user account names, which could allow remote attackers to bypass the two‑factor authentic...
CVE-2013-4177
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
CVE-2013-4178
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
Microsoft Protects User Accounts with New Security Features
Microsoft announced yesterday that it will complement the two-factor authentication it enabled for account holders in April with additional security features designed to deny account hijacking and unauthorized access. Windows PC and mobile users, along with Outlook, SkyDrive, Xbox, Skype and othe...
tomcat: Session fixation in form authenticator
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
tomcat: Session fixation in form authenticator
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
tomcat: Session fixation in form authenticator
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
tomcat: Session fixation in form authenticator
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...