Lucene search
K

528 matches found

RedHat Linux
RedHat Linux
added 2008/07/24 5:2 p.m.4 views

/etc/pam.d/su is wrong in RHEL-4.6

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a 1 locked or 2 expired account by entering the account name on the command line, related to improper use of the pamsucceedif.so module...

4.4CVSS5.8AI score0.00313EPSS
Exploits2References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

Webmin and Usermin authentication bypass vulnerability

Overview Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used. Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command...

9.3CVSS7.3AI score0.04127EPSS
Exploits0References9
Cent OS
Cent OS
added 2007/11/15 5:15 p.m.73 views

pam security update

CentOS Errata and Security Advisory CESA-2007:0737 Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team...

4.3CVSS6.5AI score0.02342EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2007/07/10 12:0 a.m.18 views

CVE-2007-3639

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via 1 the wphttpreferer parameter to wp-pass.php, related to the wpgetreferer function in wp-includes/functions.php; and possibly other vectors related to 2...

4CVSS4.7AI score0.02391EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/06/14 12:0 a.m.32 views

CentOS 3 : pam (CESA-2007:0465)

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...

3.4CVSS5.3AI score0.00413EPSS
Exploits0References5
Fedora
Fedora
added 2007/06/11 8:4 p.m.15 views

[SECURITY] Fedora Core 6 Update: pam-0.99.6.2-3.22.fc6

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

3.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/06/07 11:32 p.m.52 views

Moderate: Red Hat Security Advisory: pam security and bug fix update

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...

3.4CVSS5.7AI score0.00413EPSS
Exploits0References6
OSV
OSV
added 2007/05/21 8:30 p.m.1 views

DEBIAN-CVE-2007-2768

OpenSSH, when using OPIE One-Time Passwords in Everything for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords OTP, a similar issue to CVE-2007-2243...

4.3CVSS7AI score0.08654EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2007/05/21 12:0 a.m.3 views

PT-2007-4082

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description The issue allows remote attackers to determine the existence of certain user accounts. This is possible when OpenSSH is using OPIE One-Time Passwords in Everything for PAM. The system display...

4.3CVSS8.6AI score0.08654EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2006/07/05 12:0 a.m.26 views

CentOS 4 : pam (CESA-2005:805)

An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM Pluggable Authentication Modules is a system security tool that allows system administrators t...

2.1CVSS5.3AI score0.00428EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/10/28 12:0 a.m.26 views

RHEL 4 : pam (RHSA-2005:805)

An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM Pluggable Authentication Modules is a system security tool that allows system administrators t...

2.1CVSS5.3AI score0.00428EPSS
Exploits0References3
Cent OS
Cent OS
added 2005/10/26 11:18 p.m.74 views

pam security update

CentOS Errata and Security Advisory CESA-2005:805 An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM Pluggable Authentication Modules is a system...

2.1CVSS5.7AI score0.00428EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2005/10/26 3:58 p.m.20 views

Low: Red Hat Security Advisory: pam security update

An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM Pluggable Authentication Modules is a system security tool that allows system administrators t...

2.1CVSS5.7AI score0.00428EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2005/10/17 7:52 a.m.7 views

security flaw

pamldap and nssldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password...

5CVSS5.8AI score0.02752EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/08/30 12:0 a.m.28 views

Debian DSA-785-1 : libpam-ldap - authentication bypass

It has been discovered that libpam-ldap, the Pluggable Authentication Module allowing LDAP interfaces, ignores the result of an attempt to authenticate against an LDAP server that does not set an optional data field. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

7.5CVSS5.1AI score0.03645EPSS
Exploits0References3
Debian
Debian
added 2005/08/25 4:54 p.m.27 views

[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass

-------------------------------------------------------------------------- Debian Security Advisory DSA 785-1 [email protected] http://www.debian.org/security/ Martin Schulze August 25th, 2005 http://www.debian.org/security/faq -...

7.5CVSS6.1AI score0.03645EPSS
Exploits0
CVE
CVE
added 2005/04/21 4:0 a.m.108 views

CVE-2001-1459

OpenSSH

7.5CVSS9AI score0.02158EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2005/04/21 4:0 a.m.33 views

CVE-2001-1459

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module PAM session if commands are executed with no pty, which allows local users to bypass resource limits rlimits set in pam.d...

7.5CVSS6.3AI score0.02158EPSS
Exploits0
OSV
OSV
added 2003/05/12 4:0 a.m.1 views

DEBIAN-CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5CVSS9.2AI score0.76751EPSS
Exploits10References1
Positive Technologies
Positive Technologies
added 2003/05/02 12:0 a.m.9 views

PT-2003-1109 · Openssh +1 · Openssh-Portable +1

Name of the Vulnerable Software and Affected Versions: OpenSSH-portable versions 3.6.1p1 and earlier Description: The issue allows remote attackers to determine valid usernames via a timing attack when a user does not exist, due to the immediate sending of an error message with PAM support enable...

10CVSS7.6AI score0.99506EPSS
Exploits207References350
Rows per page
Query Builder