VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)

The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities : - An XML external entity XXE injection flaw exists in Flex BlazeDS in the file flex-messaging-core.jar due to an incorrectly configured XML parser accepting XML external entities from untrusted...

[SECURITY] Fedora 23 Update: sudo-1.8.15-1.fc23

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Windows Post Kill Antivirus and Hips

This module attempts to locate and terminate any processes that are identified as being Antivirus or Host-based IPS related. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Post Kill...

Open-Source Host-Based Intrusion Detection System: OSSEC

OSSEC is a platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring, and Security Incident Management SIM/Security Information and Event Management SIEM together in a simple, powerful, and open source solution. Key...

Silex USB Device Server Web Configuration Page Empty Password

The Web Configuration Page of the remote Silex USB Device Server uses an empty password to manage the device. Knowing this, an attacker with access to the web server can gain administrative access to the device. Note that the device's Web Configuration Page uses host-based authentication. If a...

CVE-2013-1417

dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service daemon crash via a TGS-REQ request that triggers an attempted cross-realm referral for a host-bas...

UBUNTU-CVE-2013-1417

dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service daemon crash via a TGS-REQ request that triggers an attempted cross-realm referral for a host-bas...

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

DEBIAN-CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

Design/Logic Flaw

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2012-3416

CVE-2012-3416 affects Condor prior to 7.8.2. A remote attacker could bypass host-based authentication and perform privileged actions (e.g., ALLOW_ADMINISTRATOR, ALLOW_WRITE) by connecting from a system with a spoofed reverse DNS hostname. The issue is rated CVSSv2 base 10.0 (HIGH) with network ac...

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

PT-2012-4697 · Htcondor · Condor

Name of the Vulnerable Software and Affected Versions: Condor versions prior to 7.8.2 Description: The issue allows remote attackers to bypass host-based authentication and execute certain actions, such as ALLOW ADMINISTRATOR or ALLOW WRITE, by connecting from a system with a spoofed reverse DNS...

USN-1545-1: Nova vulnerability

Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and an authenticated user could still corrupt arbitrary files on the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges...

condor: host based authentication does not implement forward-confirmed reverse dns

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

Important: Red Hat Security Advisory: condor security update

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

condor: host based authentication does not implement forward-confirmed reverse dns

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

U.S. drones affected by Keylogger Virus

U.S. drones affected by Keylogger Virus A keylogger of some sort has infiltrated classified and unclassified computer systems at Creech Air Force Base in Nevada, recording the keystrokes of pilots tasked with operating unmanned drone aircraft in Afghanistan and other international conflict zones...