DEBIAN-CVE-2012-3466

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors...

Design/Logic Flaw

Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

CVE-2010-5067

Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

VSS Timeout when backing up Exchange VM

Article Applicability This article was initially created for Veeam Backup & Replication 6.1. While the article remains technically accurate regarding the behavior of Microsoft VSS and Veeam's interactions with VSS, the issue discussed rarely occurs thanks to the improvements made in Veeam Backup ...

DEBIAN-CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot PCP before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service pmcd hang by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."...

CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot PCP before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service pmcd hang by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."...

CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot PCP before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service pmcd hang by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."...

UBUNTU-CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot PCP before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service pmcd hang by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."...

http-slowloris-check NSE Script

Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack. Slowloris was described at Defcon 17 by RSnake see . This script opens two connections to the server, each without the final CRLF. After 10 seconds, second connection sends additional header...

llmnr-resolve NSE Script

Resolves a hostname by using the LLMNR Link-Local Multicast Name Resolution protocol. The script works by sending a LLMNR Standard Query containing the hostname to the 5355 UDP port on the 224.0.0.252 multicast address. It listens for any LLMNR responses that are sent to the local machine with a...

broadcast-igmp-discovery NSE Script

Discovers targets that have IGMP Multicast memberships and grabs interesting information. The scripts works by sending IGMP Membership Query message to the 224.0.0.1 All Hosts multicast address and listening for IGMP Membership Report messages. The script then extracts all the interesting...

OS X Gather Keychain Enumeration

This module presents a way to quickly go through the current user's keychains and collect data such as email accounts, servers, and other services. Please note: when using the GETPASS and GETPASSAUTOACCEPT option, the user may see an authentication alert flash briefly on their screen that gets...

Veeam ONE Monitor performance data collection times out

Challenge You are facing the following configuration issue: Veeam ONE Monitor performance graphs show the No Data Available message. Cause VeeamDCS.log file contains the following errors: ​Collecting thread has failed to initialize The operation has timed out and will be stopped Collecting thread...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These new kernel packages contain fixes for the following security issues : - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers CVE-2007-2242, Important. - a flaw in the nfnetlinklog...

Scientific Linux Security Update : openldap on SL5.x i386/x86_64

A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. A local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. CVE-2007-5707 In addition, the following feature was added : - OpenLDAP client tool...

sip-call-spoof NSE Script

Spoofs a call to a SIP phone and detects the action taken by the target busy, declined, hung up, etc. This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next...

Unable to collect files information from datastore in a timely manner due to high vCenter server load

Challenge Veeam ONE Reporter collects data from datastores using the SearchDatastoreSubFoldersTask tasks, which are pre-defined by vSphere. During that process, if a datastore becomes unavailable or experiences performance issues, Veeam ONE Reporter may be unable to complete data collection tasks...