eap-info NSE Script

Enumerates the authentication methods offered by an EAP Extensible Authentication Protocol authenticator for a given identity or for the anonymous identity if no argument is passed. Script Arguments eap-info.identity Identity to use for the first step of the authentication methods if omitted...

nfs-utils security, bug fix, and enhancement update

1.0.9-60.0.1.el5 - Add support for resvport for unmonting orabug 13567018 1.0.9-60 - Updated idmapd.conf and idmapd.conf.man to reflect the static user name mapping 502707 - Fixed an umount regression introduced by bz 513094 bz 781931 1.0.9-59 - gss: turned of even more excessive syslogs bz 59309...

url-snarf NSE Script

Sniffs an interface for HTTP traffic and dumps any URLs, and their originating IP address. Script output differs from other script as URLs are written to stdout directly. There is also an option to log the results to file. The script can be limited in time by using the timeout argument or run unt...

Gitorious Remote Command Execution

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products Gitorious 2.1.1 http://gitorious.org Vendor communication 2012-01-16 Asking vendor for PGP key 2012-01-17 Getting PGP key from vendor 2012-01-17 Sending vulnerability details to vendor 2012-01-19 Vendor...

Windows Manage Download and/or Execute

This module will download a file by importing urlmon via railgun. The user may also choose to execute the file with arguments via execstring. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

broadcast-ripng-discover NSE Script

Discovers hosts and routing information from devices running RIPng on the LAN by sending a broadcast RIPng Request command and collecting any responses. Script Arguments broadcast-ripng-discover.timeout sets the connection timeout default: 5s Example Usage nmap --script broadcast-ripng-discover...

Patch 3 Release Notes for Veeam Backup & Replication 6.0.0.153

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge These are the issues resolved by the Patch 3 for Veeam Backup version 6.0.0.153. All patches are cumulative so each below fix is contained in this patch...

VSS Freeze Wait Timeout

Challenge A Backup or Replication tasks fails with the following errors: "VSSControl: Failed to prepare guest for freeze, wait timeout 900 sec." "VSSControl: Failed to freeze guest, wait timeout" Solution Possible Security Software Interference Anti-virus software may impede VSS operations. As an...

WordPress Zingiri 2.2.3 Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...

rexec-brute NSE Script

Performs brute force password auditing against the classic UNIX rexec remote exec service. Script Arguments rexec-brute.timeout socket timeout for connecting to rexec default 10s passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library...

rlogin-brute NSE Script

Performs brute force password auditing against the classic UNIX rlogin remote login service. This script must be run in privileged mode on UNIX because it must bind to a low source port number. Script Arguments rlogin-brute.timeout socket timeout for connecting to rlogin default 10s passdb,...

broadcast-rip-discover NSE Script

Discovers hosts and routing information from devices running RIPv2 on the LAN. It does so by sending a RIPv2 Request command and collects the responses from all devices responding to the request. Script Arguments broadcast-rip-discover.timeout timespec defining how long to wait for a response...

DEBIAN-CVE-2011-4137

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

PYSEC-2011-2

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

PYSEC-2011-2

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

CVE-2011-4137

In Django, CVE-2011-4137 affects the URLField verify_exists check: before 1.2.7 and 1.3.x before 1.3.1, it uses libraries that access arbitrary URLs with no timeout, enabling DoS via slow, data-less, or large-response URLs. Root cause: lack of timeout handling in URL checks. Impact: remote denial...

The service discovery portion of the SPI frequently fails due to a timeout

Challenge Due to weak virtual infrastructure, the discovery process takes more time than the default timeout in the HP agent. Cause Performance related problems on VMware vCenter side. Solution Workaround is to adjust settings of the agent timeout by using the following commands: ovconfchg -ns...

Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed

Samsung Galaxy S II AT&T trusted pattern lock Security Bypassed Major security flaw found in AT&T's upcoming Samsung Galaxy S II device. Guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it c...

SureBackup: Error: Mount with leaseId already activated

Challenge A SureBackup job displays the error: Error: Mount with leaseId 'xxx-xxx-xxx-xxx-xxx-xxx' already activated. Cause Surebackup will fail with this message if certain operations time out. Veeam Backup & Replication implements timeouts for most operations to protect against hangs. However,...

lltd-discovery NSE Script

Uses the Microsoft LLTD protocol to discover hosts on a local network. For more information on the LLTD protocol please refer to Script Arguments lltd-discovery.interface string specifying which interface to do lltd discovery on. If not specified, all ethernet interfaces are tried...