
3333 matches found

Cvelist
added 2014/06/17 2:0 p.m. | 26 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

AI score 6.5 | EPSS 0.01637
Exploits: 0 | References: 3

CVE
added 2014/06/17 2:0 p.m. | 66 views

CVE-2014-4048

CVE-2014-4048 affects the Asterisk Open Source PJSIP Channel Driver up to version 12.3.0. An attacker (remote, potentially after bypassing authentication per AST-2014-008) can terminate a subscription before it completes, triggering a SIP transaction timeout and causing a deadlock in the thread s...

CVSS 4.3 | AI score 6.6 | EPSS 0.01637
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2014/06/17 2:0 p.m. | 30 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

CVSS 4.3 | AI score 6.5 | EPSS 0.01637
Exploits: 0

Tenable Nessus
added 2014/06/17 12:0 a.m. | 27 views

Asterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver : - A flaw exists in the publish / subscribe framework when an attempt to unsubscribe is made when...

CVSS 4.3 | AI score 5.6 | EPSS 0.01637
Exploits: 0 | References: 8

Hacker One
added 2014/06/15 4:19 p.m. | 26 views

RelateIQ: SSRF (Portscan) via Register Function (Custom Server)

Hi, the custom server option during registration allows performing portscans or "Server Side Request Forgery" from "relateiq" systems to external and potential internal systems. the following is a sample request used excluding cookies: POST /app/GWT.rpc HTTP/1.1 Host: app.relateiq.com User-Agent:...

AI score 7.1
Exploits: 0

RedHat Linux
added 2014/05/14 12:0 a.m. | 1 views

rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...

CVSS 5.5 | AI score 6.3 | EPSS 0.00122
Exploits: 0 | References: 4

Veeam
added 2014/04/21 12:0 a.m. | 247 views

Unable to retrieve next block transmission command when backing up to tape from a Linux repository

Challenge When backing up to tape from a Linux repository, the following error may appear: Unable to retrieve next block transmission command. Number of already processed blocks: number of blocks. The log file contains the following information: cli| WARN|Tape Default EOM Warning 2147483648!...

AI score 7.1
Exploits: 0

0day.today
added 2014/04/19 12:0 a.m. | 66 views

Asus RT Password Disclosure Vulnerability

ASUS RT series of routers disclose administrative credentials. This is true for the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U models. In mid February, I wrote that a substantial portion of ASUS wireless routers would fail to update their...

CVSS 6.3 | AI score 6.6 | EPSS 0.00309
Exploits: 2

seebug.org
added 2014/04/02 12:0 a.m. | 33 views

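EMC VPLEX GeoSynchrony Session Timeout Validation Security Restriction Bypass Vulnerability

Bugtraq ID: 66516 CVE ID: CVE-2014-0633 EMC VPLEX GeoSynchrony is virtual machine data storage software. VPLEX GeoSynchrony has a VPLEX GUI session timeout validation vulnerability that remote attackers can exploit to bypass security restrictions and obtain sensitive information. 0 EMC VPLEX GeoSynchrony 4.0-5.2.1 The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://www.emc.com/products-solutions/index.htm...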

CVSS 7.7 | AI score 6.6 | EPSS 0.00276
Exploits: 1

NVD
added 2014/04/01 6:28 a.m. | 17 views

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

CVSS 7.7 | AI score 7.7 | EPSS 0.00276
Exploits: 1 | References: 1

Prion
added 2014/03/31 2:58 p.m. | 13 views

Design/Logic Flaw

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

CVSS 3.7 | AI score 7 | EPSS 0.00062
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2014/03/31 12:0 a.m. | 110 views

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...

CVSS 9 | AI score 0.4 | EPSS 0.41862
Exploits: 16

Cvelist
added 2014/03/30 12:0 a.m. | 22 views

CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

AI score 6.6 | EPSS 0.00062
Exploits: 0 | References: 2

CVE
added 2014/03/30 12:0 a.m. | 63 views

CVE-2013-7347

CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...

CVSS 3.7 | AI score 6.8 | EPSS 0.00062
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2014/03/28 7:0 p.m. | 19 views

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

AI score 7.7 | EPSS 0.00276
Exploits: 1 | References: 1

CVE
added 2014/03/28 7:0 p.m. | 48 views

CVE-2014-0633

EMC VPLEX GeoSynchrony GUI has a session-timeout validation flaw in versions 4.x and 5.x prior to 5.3, which could allow remote attackers to execute arbitrary code by leveraging an unattended workstation. The issue affects VPLEX GeoSynchrony 4.0–5.2.1, with EMC recommending upgrading to version 5...

CVSS 7.7 | AI score 7.9 | EPSS 0.00276
Exploits: 1 | References: 1 | Affected Software: 1

RedHat Linux
added 2014/03/24 5:54 p.m. | 1 views

net-snmp: snmpd crashes/hangs when AgentX subagent times-out

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to timeout...

CVSS 4.3 | AI score 7.4 | EPSS 0.27425
Exploits: 1 | References: 4

Tenable Nessus
added 2014/03/17 12:0 a.m. | 23 views

Fedora 19 : mingw-gnutls-3.1.22-1.fc19 (2014-3493)

Version 3.1.22 released 2014-03-03 - libgnutls: Corrected certificate verification issue GNUTLS-SA-2014-2 - libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov. - libgnutls: Corrected timeout issue in subsequent to the first DT...

CVSS 5.8 | AI score 5.4 | EPSS 0.04785
Exploits: 1 | References: 3

Tenable Nessus
added 2014/03/17 12:0 a.m. | 20 views

Fedora 20 : mingw-gnutls-3.1.22-1.fc20 (2014-3454)

Version 3.1.22 released 2014-03-03 - libgnutls: Corrected certificate verification issue GNUTLS-SA-2014-2 - libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov. - libgnutls: Corrected timeout issue in subsequent to the first DT...

CVSS 5.8 | AI score 5.4 | EPSS 0.04785
Exploits: 1 | References: 3

Exploit DB
added 2014/02/12 12:0 a.m. | 122 views

Apache Commons FileUpload and Apache Tomcat - Denial of Service

CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in evaluating whether their applications are vulnerable to this...

CVSS 7.5 | AI score 7.5 | EPSS 0.9265
Exploits: 8