
3333 matches found

OpenVAS
added 2013/10/03 12:0 a.m. · 8 views

RedHat Update for ccid RHSA-2013:1323-01

Check for the Version of ccid. OpenVAS Vulnerability Test: RedHat Update for ccid RHSA-2013:1323-01. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms o...

4.4 CVSS · 6.3 AI score · 0.00225 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2013/09/30 8:30 p.m. · 27 views

Low: Red Hat Security Advisory: sssd security and bug fix update

Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

3.7 CVSS · 5.8 AI score · 0.00074 EPSS
Exploits: 0 · References: 5

Prion
added 2013/08/30 1:55 a.m. · 17 views

Input validation

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899...

4.3 CVSS · 7.2 AI score · 0.01166 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2013/08/30 12:0 a.m. · 3 views

PT-2013-4414 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue is related to the protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices, which does not properly implement the idle...

4.3 CVSS · 6.5 AI score · 0.01166 EPSS
Exploits: 0 · References: 6

NVD
added 2013/08/20 10:55 p.m. · 10 views

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.9 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits: 0 · References: 1

UbuntuCve
added 2013/08/20 10:55 p.m. · 15 views

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.9 CVSS · 5.9 AI score · 0.00054 EPSS
Exploits: 0 · References: 2

Prion
added 2013/08/20 10:55 p.m. · 15 views

Design/Logic Flaw

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.9 CVSS · 7.2 AI score · 0.00054 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2013/08/20 10:0 p.m. · 19 views

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.6 AI score · 0.00054 EPSS
Exploits: 0 · References: 1

CVE
added 2013/08/20 10:0 p.m. · 56 views

CVE-2013-4958

Puppet Enterprise prior to version 3.0.1 is affected by CVE-2013-4958 due to not using a session timeout. This enables a local attacker with an unattended workstation to escalate privileges. The issue is described across multiple advisories (Red Hat, SUSE, Ubuntu, Debian, CVE lists) with the same...

6.9 CVSS · 6.8 AI score · 0.00054 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2013/08/20 10:0 p.m. · 26 views

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.9 CVSS · 6.4 AI score · 0.00054 EPSS
Exploits: 0

RedHat Linux
added 2013/08/12 2:21 p.m. · 2 views

net-snmp: snmpd crashes/hangs when AgentX subagent times-out

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout...

4.3 CVSS · 7.4 AI score · 0.27425 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2013/08/05 12:0 a.m. · 24 views

Fedora 18 : gksu-polkit-0.0.3-8.gitf8ce834c.fc18 (2013-13616)

Recreate tarball from proper sources; previous package was shipping an unknown code tarball. - Add proper patching for CVE-2012-5617/CVE-2013-4161, the previous fix was creating a patch file and not patching the code. - Use proper bus name in service file to fix service timeout. Note that Tenable...

7.8 CVSS · 7.3 AI score · 0.00095 EPSS
Exploits: 0 · References: 5

securityvulns
added 2013/07/15 12:0 a.m. · 127 views

CVE-2013-3568 - Linksys CSRF + Root Command Injection

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...

0.4 AI score · 0.41064 EPSS
Exploits: 8

Tenable Nessus
added 2013/07/12 12:0 a.m. · 43 views

Oracle Linux 5 : Important: / kernel (ELSA-2007-0376)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0376 advisory. 2.6.18-8.1.6.0.1.el5 -Fix bonding primary=ethX so it picks correct network Bert Barbe IT 101532 ORA 5136660 -Add entropy module option to e1000 John...

4.9 CVSS · 5.6 AI score · 0.00114 EPSS
Exploits: 0 · References: 5

NVD
added 2013/06/21 2:55 p.m. · 7 views

CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

1.9 CVSS · 5.8 AI score · 0.00061 EPSS
Exploits: 0 · References: 3

Prion
added 2013/06/21 2:55 p.m. · 12 views

Design/Logic Flaw

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

1.9 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2013/06/21 2:0 p.m. · 37 views

CVE-2013-0527

IBM Sterling Connect:Direct Browser (UI) is affected by CVE-2013-0527 for versions 1.4–1.4.0.10 and 1.5–1.5.0.1, where idle-session timeout leaves pages open, potentially exposing administrative-console information to nearby attackers. The IBM bulletin directs upgrading to the current release: 1....

1.9 CVSS · 6 AI score · 0.00061 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2013/06/21 2:0 p.m. · 9 views

CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

5.8 AI score · 0.00061 EPSS
Exploits: 0 · References: 3

Packet Storm
added 2013/06/18 12:0 a.m. · 17 views

imacs CMS 0.3.0 Shell Upload

CWH Underground Hacking Team. Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2013/05/26 12:0 a.m. · 29 views

Fedora 17 : curl-7.24.0-9.fc17 (2013-7797)

switch SSL socket into non-blocking mode after handshake 960765 - prevent an artificial timeout event due to stale speed-check data 906031 - show proper host name on failed resolve 957173 fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 Note that Tenable Network Security has...

5 CVSS · 8 AI score · 0.02482 EPSS
Exploits: 1 · References: 3