18 matches found
EUVD-2020-25480
Malware in sbrugna...
EUVD-2016-6892
Malware in sbrugna...
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact: When the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This cou...
SUSE CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...
IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2020-31092)
IBM Security Identity Governance and Intelligence (IGI) is a suite of identity governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Security IGI version...
Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
Summary: There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance. Vulnerability Details: CVEID: CVE-2016-0351 DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information,...
Security Bulletin: A Security vulnerability has been fixed in IBM Security Privileged Identity Manager (CVE-2016-0353)
Summary: Security vulnerability fixed in IBM Security Privileged Identity Manager related to session cookies in SSL mode. Vulnerability Details: CVEID: CVE-2016-0353 DESCRIPTION: IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive informatio...
mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6
It was discovered that the MySQL client command line tools only checked after authentication whether the server supported SSL. A man-in-the-middle attacker could use this flaw to hijack the client's authentication to the server even if the client was configured to require an SSL connection...
CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)
This update for mysql to version 5.5.55 fixes the following issues. These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3329: Unspecified vulnerability in...
IBM Kenexa LCMS Premier on Cloud Information Disclosure Vulnerability (CNVD-2017-04799)
IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System (LCMS) for developing, maintaining, and delivering effective employee training from IBM USA. A security vulnerability exists in IBM Kenexa LCMS Premier on Cloud that stems from the program failing to set a security...
CVE-2017-1142
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...
Information disclosure
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...
CVE-2017-1142
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...
CVE-2016-5958
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture...
IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities
The remote host is running a version 8.1.4.x of IBM Rational License Key Server Administration and Reporting Tool (RLKS) that is prior to 8.1.4.4. It is, therefore, affected by multiple vulnerabilities: - The secure flag for session cookies is not properly set when in SSL mode. An attacker can...
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...