21 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-1287

Malware in sbrugna...

CVSS 7.2 · AI score 6.2 · EPSS 0.00053
Exploits 0 · References 8
Positive Technologies
added 2024/04/01 12:0 a.m. · 2 views

PT-2024-23646 · Netentsec · Netentsec Ns-Asg

Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/admin/add getlogin.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the...

CVSS 9.8 · AI score 7.4 · EPSS 0.00072
Exploits 1 · References 3
CNNVD
added 2024/04/01 12:0 a.m. · 1 views

NetentSec NS-ASG security vulnerability

NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the /admin/addgetlogin.php file...

CVSS 9.8 · AI score 7.9 · EPSS 0.00072
Exploits 1 · References 2
Mageia
added 2017/01/27 8:30 p.m. · 42 views

Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

CVSS 7.8 · AI score 1.7 · EPSS 0.00103
Exploits 0 · References 2
Openbugbounty
added 2016/11/13 10:13 a.m. · 13 views

cofool.com XSS vulnerability

Vulnerable URL: http://www.cofool.com/ucclientphp/sharedomain.php?act=getlogin=1477877088=c983ec2e7df9f38f4f416bf0acd9a563=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits 0
Tenable Nessus
added 2016/08/12 12:0 a.m. · 26 views

FreeBSD : FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2) (74389f22-6007-11e6-a6c3-14dae9d210b8)

When setlogin(2) is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin(2) system call returns the entire buffer rather than just the portion occupied by th...

CVSS 2.1 · AI score 6 · EPSS 0.00068
Exploits 0 · References 2
UbuntuCve
added 2014/11/13 9:32 p.m. · 15 views

CVE-2014-8476

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...

CVSS 2.1 · AI score 6 · EPSS 0.00068
Exploits 0 · References 2
Debian CVE
added 2014/11/13 3:0 p.m. · 16 views

CVE-2014-8476

Removed by vendor...

CVSS 2.1 · AI score 6.7 · EPSS 0.00068
Exploits 0
Tenable Nessus
added 2014/11/10 12:0 a.m. · 32 views

Debian DSA-3070-1 : kfreebsd-9 - security update

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. - CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. - CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. - CVE-2014-395...

CVSS 5 · AI score 5.4 · EPSS 0.00603
Exploits 0 · References 10
securityvulns
added 2014/11/10 12:0 a.m. · 67 views

FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin(2) / getlogin(2) Category: core Module: kernel Announced: 2014-11-04...

CVSS 2.1 · AI score 6.3 · EPSS 0.00068
Exploits 0
securityvulns
added 2014/11/10 12:0 a.m. · 41 views

FreeBSD information leakage

Kernel information disclosure in setlogin/getlogin calls...

CVSS 2.1 · AI score 0.5 · EPSS 0.00068
Exploits 0 · References 1 · Affected Software 1
FreeBSD
added 2014/11/04 12:0 a.m. · 21 views

FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)

Problem Description: When setlogin(2) is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin(2) system call returns the entire buffer rather than just the...

CVSS 2.1 · AI score 6.3 · EPSS 0.00068
Exploits 0
OpenVAS
added 2008/09/04 12:0 a.m. · 21 views

FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc ADV FreeBSD-SA-06:12.opie.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft In...

CVSS 7.2 · AI score 0.1 · EPSS 0.00053
Exploits 0
OpenVAS
added 2008/09/04 12:0 a.m. · 16 views

FreeBSD Security Advisory (FreeBSD-SA-06:12.opie.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:12.opie.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 7.2 · AI score 7 · EPSS 0.00053
Exploits 0 · References 2
UbuntuCve
added 2006/03/23 8:6 p.m. · 19 views

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

CVSS 7.2 · AI score 5.9 · EPSS 0.00053
Exploits 0 · References 1
Prion
added 2006/03/23 8:6 p.m. · 19 views

Design/Logic Flaw

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

CVSS 7.2 · AI score 7.2 · EPSS 0.00053
Exploits 0 · References 7 · Affected Software 1
NVD
added 2006/03/23 8:6 p.m. · 13 views

CVE-2006-1283

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a...

CVSS 7.2 · AI score 6.5 · EPSS 0.00053
Exploits 0 · References 7
FreeBSD
added 2006/03/22 12:0 a.m. · 29 views

OPIE -- arbitrary password change

Problem Description: The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user...

CVSS 7.2 · AI score 6.6 · EPSS 0.00053
Exploits 0
Packet Storm
added 2003/06/17 12:0 a.m. · 43 views

iDEFENSE Security Advisory 2003-06-16.t

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 06.16.03: http://www.idefense.com/advisory/06.16.03.txt Linux-PAM getlogin Spoofing Vulnerability June 16, 2003 I. BACKGROUND The Pluggable Authentication Module (PAM) is a flexible mechanism for authenticating users. More...

CVSS 4.6 · EPSS 0.00154
Exploits 2
Cvelist
added 2003/04/02 5:0 a.m. · 12 views

CVE-2002-0754

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them...

AI score 6.5 · EPSS 0.00151
Exploits 0 · References 3