644 matches found
The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to gain privileges necessary to execute operating system commands.
The vulnerability of the Cisco UCS Central device management system exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain privileges necessary to execute...
Open-Source Host-Based Intrusion Detection System: OSSEC
OSSEC is a platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring, and Security Incident Management SIM/Security Information and Event Management SIEM together in a simple, powerful, and open source solution. Key...
Moderate: Red Hat Security Advisory: ipa and slapi-nis security and bug fix update
Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console
------------------------------------------------------------------------ Cross-Site Scripting vulnerability in EMC M&R Watch4net Centralized Management Console ------------------------------------------------------------------------ Han Sahin, November 2014...
EMC M&R (Watch4net) Centralized Management Console XSS Vulnerability
A cross site scripting vulnerability was found in EMC M&R Watch4net Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their...
Oracle Linux 7 : ipa (ELSA-2015-0442)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0442 advisory. - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges 1165774 - CVE-2014-7828 freeipa: password not required when OTP in use 1160877...
RedHat Update for ipa RHSA-2015:0442-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
某Gov行政中心系统Oracle注入漏洞(使用量大)
简要描述: 其涉及全国各省行政服务中心,案例不比大汉jcms少 详细说明: 看这里。。。 接上一弹 WooYun: 某大型政府服务系统Oracle注入使用量大 所有涉及单位为政府政务中心(其涉及全国各省行政服务中心,案例不比大汉jcms少): 如: http://www.sinanxzfw.gov.cn/ 思南县行政服务中心 http://www.yjxzfw.com.cn/ 印江县行政服务中心 http://www.gygxzw.gov.cn:8066/ 贵阳国家高新区行政服务中心 http://www.tlsp.net/ 铁岭市公共行政服务中心 http://58.42.249.11...
Host Based Intrusion Detection System: Samhain
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...
Moderate: Red Hat Security Advisory: spacewalk-java security update
Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.5 and 5.6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Government, Industry Focusing on Issue of Resiliency
WASHINGTON–As things stand right now, the United States has no overarching national information security policy or centralized agency responsible for defending the government’s networks in the event of a serious cyberattack. There have been many pushes over the years to change that and put one...
SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...
Modern Honeypot Network
Modern Honeypot Network Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. Honeypot Deployed sensors with intrusion detection software installed: Snort, Kippo, Conpot, and Dionaea...
[SECURITY] Fedora 20 Update: guacamole-server-0.8.4-3.fc20
Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop prot ocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no clie...
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection Exploit
No description provided by source. ?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...
Webmin 0.x RPC Function Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5591/info In cases where users of Webmin do not have root access on the underlying host, it may be possible to mount privilege escalation attacks on the underlying host. This normally occurs in configurations where multip...
Cyberoam Central Console 2.00.2 - File Include Vulnerability
No description provided by source. Title: ====== Cyberoam Central Console v2.00.2 - File Include Vulnerability Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=405 VL-ID: ===== 405 Introduction: ============= Cyberoam Central Console CCC appliances...
[SECURITY] Fedora 19 Update: freeradius-2.2.3-7.fc19
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many...
[SECURITY] Fedora 20 Update: freeradius-3.0.1-4.fc20
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many...
HVAC Vendor: Data Connection to Target was Billing System
The heating, ventilation and air conditioning contractor linked to the Target breach said its data connection to the giant retailer was “exclusively for electronic billing, contract submission and project management,” the company’s president and owner said yesterday. Ross E. Fazio said in a...