Lucene search
6340 matches found

Prion
added 2017/01/05 2:59 a.m., 124 views

Design/Logic Flaw

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

CVSS 7.5 | AI score 7.5 | EPSS 0.37431
Exploits 4 | References 20 | Affected Software 1
ATTACKERKB
added 2017/01/05 2:59 a.m., 6 views

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

CVSS 7.5 | AI score 7.2 | EPSS 0.37431
Exploits 4 | References 24
Vulnrichment
added 2017/01/05 12:0 a.m., 3 views

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

AI score 7.2 | EPSS 0.37431
Exploits 4 | References 20
Cvelist
added 2017/01/05 12:0 a.m., 90 views

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

AI score 8 | EPSS 0.37431
Exploits 4 | References 20
Debian CVE
added 2017/01/05 12:0 a.m., 127 views

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

CVSS 7.5 | AI score 8.1 | EPSS 0.37431
Exploits 4
Veeam
added 2017/01/05 12:0 a.m., 18 views

Required Applications and Permissions for Multi-OS FLR and Repository Support for Linux

Purpose This document provides information about required applications that must exist on Linux machines to function with Veeam Backup and Replication. Solution Permissions Requirements Permissions are dependent on the intended role of the Linux server. For more information, review this page of t...

AI score 6.7
Exploits 0 | Affected Software 1
Kitploit
added 2017/01/01 2:10 p.m., 124 views

Hakku Framework - Simple Penetration Testing Framework

Hakku is a simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for developing penetration testing tools. Hakku is in early stages and may be unstable, so please download the released versions from GitHub or...

AI score 6.8
Exploits 0 | References 3
Kitploit
added 2016/12/31 2:2 p.m., 29 views

Commix 1.6 - Automated All-In-One OS Command Injection And Exploitation Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...

AI score 8.3
Exploits 0 | References 15
Tenable Nessus
added 2016/12/27 12:0 a.m., 41 views

F5 Networks BIG-IP : OpenSSH vulnerability (K14845276)

When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password. CVE-2016-6210 C Tenable Network Security, Inc. The descriptive tex...

CVSS 5.9 | AI score 6.6 | EPSS 0.88944
Exploits 12 | References 2
Tenable Nessus
added 2016/12/27 12:0 a.m., 56 views

FreeBSD : openssh -- multiple vulnerabilities (2aedd15f-ca8b-11e6-a9a5-b499baebfeaf)

The OpenSSH project reports: - ssh-agent(1): Will now refuse to load PKCS11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS11 module across the forwarded agent...

CVSS 7.5 | AI score 7 | EPSS 0.37431
Exploits 6 | References 4
NVD
added 2016/12/23 5:59 a.m., 13 views

CVE-2016-9154

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...

CVSS 7.5 | AI score 7.4 | EPSS 0.01499
Exploits 0 | References 3
Prion
added 2016/12/23 5:59 a.m., 13 views

Design/Logic Flaw

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...

CVSS 5 | AI score 7.1 | EPSS 0.01499
Exploits 0 | References 3 | Affected Software 6
CVE
added 2016/12/23 5:0 a.m., 44 views

CVE-2016-9154

Siemens Desigo PX Web modules (PXA40-W0/W1/W2; PXA30-W0/W1/W2 for PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U) are affected by CVE-2016-9154. The root cause is a pseudo-random number generator with insufficient entropy used to generate HTTPS certificates, enabling a r...

CVSS 7.5 | AI score 7.4 | EPSS 0.01499
Exploits 0 | References 3 | Affected Software 6
ThreatPost
added 2016/12/22 12:28 p.m., 20 views

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings. On Wednesday, Siemens, in coordination with ICS-CERT, issued...

CVSS 5 | AI score 1.6 | EPSS 0.01499
Exploits 0 | References 2
RedhatCVE
added 2016/12/20 7:47 a.m., 85 views

CVE-2016-10009

It was found that ssh-agent could load PKCS11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running...

CVSS 7.5 | AI score 3.5 | EPSS 0.37431
Exploits 4 | References 2
n0where
added 2016/12/17 5:23 a.m., 25 views

Remote msfconsole: msf-remote-console

Remote msfconsole A remote msfconsole written in Python 2.7 to connect to the msfrpcd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to...

AI score 0.3
Exploits 0 | References 1
Veracode
added 2016/12/14 6:17 a.m., 27 views

LDAP Code Injection

org.apache.karaf.jaas.modules is vulnerable to LDAP code injection. This is caused because the username is not encoded...

CVSS 6.5 | AI score 7 | EPSS 0.0547
Exploits 0 | References 1 | Affected Software 1
Cloud Foundry
added 2016/12/14 12:0 a.m., 70 views

USN-3134-1: Python vulnerabilities | Cloud Foundry

USN-3134-1: Python vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...

CVSS 10 | AI score 7.6 | EPSS 0.25671
Exploits 7
n0where
added 2016/12/12 4:32 p.m., 32 views

Auto Backdooring Utility: backdoorme

Auto Backdooring Utility Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which...

Exploits 0 | References 2
Positive Technologies
added 2016/12/05 12:0 a.m., 9 views

PT-2016-3172

Name of the Vulnerable Software and Affected Versions Apache httpd versions 2.2.x through 2.2.32 Apache httpd versions 2.4.x through 2.4.25 Description The issue is related to the use of the ap_get_basic_auth_pw function by third-party modules outside of the authentication phase, which may lead t...

CVSS 10 | AI score 9.3 | EPSS 0.94999
Exploits 26 | References 135