Lucene search

3359 matches found

Cvelist
added 2013/06/21 2:0 p.m. | 15 views

CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

AI score: 5.8 | EPSS: 0.00319
Exploits: 0 | References: 3
CVE
added 2013/06/21 2:0 p.m. | 38 views

CVE-2013-0527

IBM Sterling Connect:Direct Browser (UI) is affected by CVE-2013-0527 for versions 1.4–1.4.0.10 and 1.5–1.5.0.1, where idle-session timeout leaves pages open, potentially exposing administrative-console information to nearby attackers. The IBM bulletin directs upgrading to the current release: 1....

CVSS: 1.9 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm
added 2013/06/18 12:0 a.m. | 20 views

imacs CMS 0.3.0 Shell Upload

CWH Underground Hacking Team. Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2013/05/26 12:0 a.m. | 29 views

Fedora 17 : curl-7.24.0-9.fc17 (2013-7797)

switch SSL socket into non-blocking mode after handshake 960765 - prevent an artificial timeout event due to stale speed-check data 906031 - show proper host name on failed resolve 957173 fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 Note that Tenable Network Security has...

CVSS: 5 | AI score: 8 | EPSS: 0.04986
Exploits: 1 | References: 3
Metasploit
added 2013/05/12 2:27 p.m. | 61 views

Windows Manage Remote Point-to-Point Tunneling Protocol

This module initiates a PPTP connection to a remote machine VPN server. Once the tunnel is created we can use it to force the victim traffic to go through the server getting a man in the middle attack. Be sure to allow forwarding and masquerading on the VPN server mitm. This module requires...

AI score: 6.9
Exploits: 0
Tenable Nessus
added 2013/05/06 12:0 a.m. | 21 views

Fedora 18 : curl-7.27.0-9.fc18 (2013-6766)

prevent an artificial timeout event due to stale speed-check data 906031 - show proper host name on failed resolve 957173 fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVSS: 5 | AI score: 8 | EPSS: 0.04986
Exploits: 1 | References: 3
Tenable Nessus
added 2013/05/01 12:0 a.m. | 24 views

Fedora 19 : curl-7.29.0-6.fc19 (2013-6780)

prevent an artificial timeout event due to stale speed-check data 906031 - show proper host name on failed resolve 957173 fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVSS: 5 | AI score: 8 | EPSS: 0.04986
Exploits: 1 | References: 3
Metasploit
added 2013/03/30 12:59 a.m. | 60 views

Windows Gather Deleted Files Enumeration and Recovering

This module lists and attempts to recover deleted files from NTFS file systems. Use the FILES option to guide recovery. Leave this option empty to enumerate deleted files in the DRIVE. Set FILES to an extension e.g., "pdf" to recover deleted files with that extension, or set FILES to a comma...

AI score: 6.9
Exploits: 0
Veeam
added 2013/03/27 1:31 p.m. | 31 views

Tips for DAG Exchange Backup and Replication in vSphere

vSphere Snapshot Improvements This article was initially written when vSphere 5 snapshot operations were known and expected to cause small amounts of I/O stun to a VM's guest OS. Improvements in the latter vSphere versions, including significant changes to snapshot operation methodology in vSpher...

AI score: 6.8
Exploits: 0
OSV
added 2013/03/15 8:55 p.m. | 1 views

DEBIAN-CVE-2012-6540

The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

CVSS: 1.9 | AI score: 5.9 | EPSS: 0.00359
Exploits: 0 | References: 1
Tenable Nessus
added 2013/03/10 12:0 a.m. | 24 views

CentOS 6 : squid (CESA-2013:0505)

Updated squid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS: 5 | AI score: 7.3 | EPSS: 0.2318
Exploits: 1 | References: 3
OSV
added 2013/03/07 12:0 a.m. | 2 views

UBUNTU-CVE-2012-6540

The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

CVSS: 1.9 | AI score: 5.8 | EPSS: 0.00359
Exploits: 0 | References: 11
NVD
added 2013/03/05 10:3 p.m. | 46 views

CVE-2013-0931

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00548
Exploits: 0 | References: 1
Prion
added 2013/03/05 10:3 p.m. | 10 views

Design/Logic Flaw

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration...

CVSS: 5.4 | AI score: 7.1 | EPSS: 0.00548
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2013/03/05 3:0 p.m. | 37 views

CVE-2013-0931

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration...

AI score: 6.5 | EPSS: 0.00548
Exploits: 0 | References: 1
Tenable Nessus
added 2013/03/01 12:0 a.m. | 42 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20130221)

An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting th...

CVSS: 5 | AI score: 7.4 | EPSS: 0.6477
Exploits: 4 | References: 4
OpenVAS
added 2013/02/28 12:0 a.m. | 8 views

Nmap NSE 6.01: ms-sql-info

Attempts to determine configuration and version information for Microsoft SQL Server instances. SQL Server credentials required: No will not benefit from 'mssql.username' & 'mssql.password'. Run criteria: Host script: Will always run. Port script: N/A NOTE: Unlike previous versions, this script...

AI score: 7.5
Exploits: 0
Oracle Linux
added 2013/02/22 12:0 a.m. | 32 views

squid security and bug fix update

7:3.1.10-16 - Resolves: 888198 - CVE-2012-5643: improved upstream patch 7:3.1.10-15 - Reverts: 861062 - Squid delays on FQDNs that don't contains AAAA record 7:3.1.10-14 - Resolves: 888198 - CVE-2012-5643: patch 7:3.1.10-13 - Resolves: 888198 - CVE-2012-5643: DoS excessive resource consumption...

CVSS: 5 | AI score: 0.8 | EPSS: 0.2318
Exploits: 1
Oracle Linux
added 2013/02/22 12:0 a.m. | 76 views

httpd security, bug fix, and enhancement update

2.2.15-26.0.1.el6 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-26 - htcacheclean: exit with code 4 also for 'restart' action 805810 2.2.15-25 - htcacheclean: exit with code 4 if nonprivileged user runs initscript 805810 - rotatelogs: omit the...

CVSS: 5 | AI score: 0.2 | EPSS: 0.82756
Exploits: 16
Tenable Nessus
added 2013/02/21 12:0 a.m. | 34 views

RHEL 6 : squid (RHSA-2013:0505)

Updated squid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS: 5 | AI score: 7.3 | EPSS: 0.2318
Exploits: 1 | References: 4