
3333 matches found

Ubuntu
added 2013/02/12 1:2 p.m. | 44 views

USN-1716-1: gnome-screensaver vulnerability

It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session...

7.2 CVSS | 5.3 AI score | 0.00051 EPSS
Exploits: 0

Tenable Nessus
added 2013/02/11 12:0 a.m. | 30 views

Cisco ASA 5500 Series SSH Timeout DoS

The remote Cisco ASA is missing a security patch and may be affected by a denial of service vulnerability. Due to a flaw in the management of remote SSH sessions, multiple login sessions can cause the ASA to crash. A remote, authenticated attacker could exploit this to cause a denial of service. ...

6.3 CVSS | 5.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2013/02/06 12:0 a.m. | 6 views

PT-2013-1004

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 6.6 p1-r1; OpenSSH through 6.1; VMware vCenter Server (affected versions not specified); Check Point GAiA (affected versions not specified). Description: The issue is related to a mechanism in OpenSSH that can cause a denial o...

8.1 CVSS | 7.2 AI score | 0.90356 EPSS
Exploits: 107 | References: 84

OpenVAS
added 2013/01/21 12:0 a.m. | 21 views

CentOS Update for autofs CESA-2013:0132 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.9 CVSS | 5.2 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2013/01/17 12:0 a.m. | 22 views

CentOS 5 : autofs (CESA-2013:0132)

An updated autofs package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

4.9 CVSS | 5.5 AI score | 0.00149 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2013/01/17 12:0 a.m. | 18 views

Scientific Linux Security Update : autofs on SL5.x i386/x86_64 (20130108)

A bug fix included in SLBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, preventing future mount requests from being processed until the autofs service was restarted. Note: This flaw did not impact existing...

4.9 CVSS | 5.4 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

Atlassian
added 2013/01/16 8:52 a.m. | 25 views

REST session not terminated

This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. Expected behavior: 1. On...

0.2 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2013/01/16 8:52 a.m. | 21 views

REST session not terminated

This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. Expected behavior: 1. On...

0.2 AI score
Exploits: 0

OpenVAS
added 2013/01/11 12:0 a.m. | 20 views

RedHat Update for autofs RHSA-2013:0132-01

Check for the Version of autofs OpenVAS Vulnerability Test RedHat Update for autofs RHSA-2013:0132-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

4.9 CVSS | 6.4 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

Cent OS
added 2013/01/09 8:45 p.m. | 65 views

autofs security update

CentOS Errata and Security Advisory CESA-2013:0132 An updated autofs package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

4.9 CVSS | 5.8 AI score | 0.00149 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2013/01/08 4:36 a.m. | 28 views

Low: Red Hat Security Advisory: autofs security, bug fix, and enhancement update

An updated autofs package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

4.9 CVSS | 5.8 AI score | 0.00149 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2013/01/08 4:31 a.m. | 4 views

conga: insecure handling of luci web interface sessions

It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials...

3.7 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2013/01/08 12:0 a.m. | 32 views

RHEL 5 : autofs (RHSA-2013:0132)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0132 advisory. The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix...

4.9 CVSS | 5.6 AI score | 0.00149 EPSS
Exploits: 0 | References: 9

OpenVAS
added 2012/12/06 12:0 a.m. | 51 views

Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS | 5.2 AI score | 0.25967 EPSS
Exploits: 1 | References: 4

0day.today
added 2012/12/05 12:0 a.m. | 35 views

Tectia SSH USERAUTH Change Request Password Reset

This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by a SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing any remote user to bypass the login routine, and then gain access as root. This file is part of the...

7.3 AI score
Exploits: 0

Metasploit
added 2012/11/03 10:44 p.m. | 32 views

Digi RealPort Serial Server Port Scanner

Identify active ports on RealPort-enabled serial servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Digi RealPort Serial Server Port Scanner', 'Description' = 'Identify active ports on...

7.1 AI score
Exploits: 0

OSV
added 2012/10/22 11:55 p.m. | 0 views

DEBIAN-CVE-2012-3466

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors...

4.4 CVSS | 7 AI score | 0.00067 EPSS
Exploits: 1 | References: 1

Prion
added 2012/10/08 10:47 a.m. | 16 views

Design/Logic Flaw

Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

6.8 CVSS | 7.3 AI score | 0.00225 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2012/10/08 10:0 a.m. | 16 views

CVE-2010-5067

Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

6.7 AI score | 0.00225 EPSS
Exploits: 1 | References: 2

Atlassian
added 2012/10/04 12:4 a.m. | 18 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5 AI score
Exploits: 0 | Affected Software: 1