Astra Linux - уязвимость в ntp

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

China on Sunday accused the U.S. National Security Agency NSA of carrying out a "premeditated" cyber attack targeting the National Time Service Center NTSC, as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security MSS, in a...

EUVD-2017-9765

Malware in sbrugna...

Malicious Package

Overview time-service-checker is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and se...

CVE-2023-35757

D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

The Turla advanced persistent threat APT group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group aka Snake, Venomous Bear,...

UBUNTU-CVE-2020-13817

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path...

CVE-2017-18674

CVE-2017-18674 affects Samsung mobile devices running Android N (7.0); the Timaservice time service is susceptible to a kernel panic. The issue is associated with Samsung ID SVE-2017-8593, May 2017. CVSS indicates network attack vector with low privileges required and high availability impact. Th...

CVE-2019-14259

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection missing input validation issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

Command injection

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection missing input validation issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

CVE-2019-14259

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection missing input validation issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

Microsoft Windows: Enable Windows NTP Client

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winntpclient.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Enable Windows NTP Client Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

Updated mapserver packages fix CVE-2013-7262 and packaging issues

Updated mapserver packages fix security vulnerability: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TI...

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

The NTP time service could be used for remote denial of service amplification attacks. This issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005. html and on...

SUSE-SU-2015:0259-3 Security update for ntp

The NTP time service could have been used for remote denial of service amplification attacks. This issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html and on...

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter...

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter...

CVE-2013-7262

The vulnerability CVE-2013-7262 affects MapServer (MapServer before 6.4.1) in the msPostGISLayerSetTimeFilter function (mappostgis.c). When using a WMS-Time service, a crafted PostGIS TIME filter can lead to remote SQL command execution, exposing SQL injection risk with partial confidentiality/in...

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter...