CVE-2004-2004

CVE-2004-2004 affects the SUSE LINUX 9.1 Personal edition Live CD, where the root account is configured without a password. This allows remote attackers to gain root privileges via SSH. The vulnerability is described with a CVSS base score of 10.0 (HIGH) and a network attack vector with no authen...

[NT] GlobalScape Secure FTP Server Arbitrary Command Overflow ( Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-1021

Memory leak in Secure Shell SSH in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service memory consumption via an incorrect username or password...

CVE-2001-1474

SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache...

CVE-2001-1475

SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key VK is generated...

CVE-2001-1476

SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not...

CVE-2001-1474

CVE-2001-1474 concerns SSH prior to version 2.0, where host key checking is disabled when connecting to localhost. This creates a vulnerability condition that can be exploited by poisoning the client’s DNS cache to silently redirect connections to localhost. The description in the connected docum...

CVE-2001-1475

SSH before 2.0, when using RC4 and password authentication, is vulnerable to replaying messages until a new server key is generated. The affected component is the SSH protocol implementation prior to 2.0, with the underlying issue arising from RC4-based session handling that allows remote attacke...

CVE-2001-1476

CVE-2001-1476: SSH implementations prior to 2.0 using RC4 with the disallow NULL passwords option are vulnerable to remote session replay that can reveal parts of user passwords via modified attempts and the login message behavior. Root cause is a flaw in session handling under these conditions, ...

CVE-2005-1021

Memory leak in Secure Shell SSH in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service memory consumption via an incorrect username or password...

CVE-2005-1020

Cisco IOS SSH server TACACS+ DoS affecting IOS 12.0–12.3: (1) username containing a domain name with TACACS+ auth, (2) a new SSH session in login phase when an existing user issues a send command, and (3) logging/termination during data send. Results in resource exhaustion and device reload. Cisc...

Cisco routers IOS ssh DoS

Bugs in ssh in conbination with TACACS+ causes router to hang or reload...

Vulnerabilities in Cisco IOS Secure Shell Server

Certain release trains of Cisco Internetwork Operating System IOS®, when configured to use the IOS Secure Shell SSH server in combination with Terminal Access Controller Access Control System Plus TACACS+ as a means to perform remote management tasks on IOS devices, may contain two vulnerabilitie...

CVE-2002-1644

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges...

CVE-2002-1644

The CVE-2002-1644 entry describes a local privilege-escalation flaw in SSH Secure Shell for Servers and SSH Secure Shell for Workstations, version 2.0.13 through 3.2.1, when run without a PTY. The root cause is that the process does not call setsid to detach the child from the parent’s process gr...

CVE-2002-1646

SSH Secure Shell for Servers versions 3.0.0–3.1.1 allow remote attackers to override AllowedAuthentications, permitting password or other less secure authentication schemes instead of those configured. This can enable unauthorized access via password-based authentication as described in multiple ...

Unpassworded 'help' Account

The account 'help' on the remote host does not have a password set. An attacker may use this to gain further privileges on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "help"; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid17575;...

HP-UX Security patch : PHSS_9810

The remote host is missing HP-UX Security Patch number PHSS9810 . Security Vulnerability in libXt for HP-UX 9.X & 10.X %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid17571;...

HP-UX Security patch : PHKL_7059

The remote host is missing HP-UX Security Patch number PHKL7059 . Security Vulnerability with rpc.pcnfsd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid17401; scriptversion"1.6";...

HP-UX Security patch : PHKL_8293

The remote host is missing HP-UX Security Patch number PHKL8293 . Security Vulnerability with rpc.pcnfsd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid17404; scriptversion"1.6";...