13 matches found
EUVD-2016-7789
Malware in sbrugna...
Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2021:5192)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:5192-1 advisory. - samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717) - samba: SMB1 client connections can be downgraded to...
RHEL 8 : samba (RHSA-2021:4843)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4843 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Sierra Wireless AirLink ES450 ACEManager Information Exposure Exploit
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...
golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting
It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...
CVE-2016-6904
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...
CVE-2016-6904
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...
Authentication flaw
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...
CVE-2016-6904
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...
Google Talk - 'gtalk://' Deprecated URI Handler Injection
Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of 1.0.0.105: http://www.google.com/talk/intl/it/...
Google Talk - gtalk: Deprecated URI Handler Injection
Google Talk - gtalk: Deprecated URI Handler Injection Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
RHEL 2.1 / 3 / 4 : fetchmail (RHSA-2007:0018)
Updated fetchmail packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility. A denial of service flaw was found when Fetchmail was run in...
Vulnerability in Amtote International homebet self service wagering system.
Product Description: Internet-based account wagering interface utilizing HTML and JAVA web based applications. The HTML functionality includes viewing current account balances, viewing current odds by track, placing wagers, reviewing wagers, and viewing official results/prices by track. The JAVA...