Qualys scanners use the ssh-rsa algorithm for pubkey signing in its attempt of SSH login. Modern SSHD servers reject pubkey login with ssh-rsa, so Qualys is unable to scan up-to-date Linux e.g. Debian12 or RHEL9. Qualys does not check the list of pubkey signing algorithms accepted by SSHD servers, and therefore cannot notify about any insecure ones.
9cc12364accc88c8da5dc14fcda696933b5a5d17343558cadfdb7480fa60e6faThe Netgear CG3000v2 cable modem fails to validate an admin's old password prior to changing to a new one. It also appears to suffer from cross site request forgery issues.
60a9f0aaa0dd1bda3794476688930f7d44eef4e51d60f57a34808b39c96672ffUtempter allows for utmp manipulation that can deceive any software depending on it.
158ebf754dd7aea0420f62e882dc07d1115a71b7b038eba49a746eceb19da362Mathematica on Linux uses the /tmp/MathLink directory in insecure ways that can allow for account takeover. The problem was made worse by later versions as the addendum states. As of 02/08/2013, the author has noted that this problem is still present in version 9.0.1. As of 08/27/2014, the author has noted that this problem is still present in version 10.0.0 for the GUI interface.
7ededdbc15af7026dccd7b744315ba7216047ad69a2910c0587edbe99dab0843Oracle web server installations with fcgi-bin/echo suffer from a cross site scripting vulnerability.
876ccd422be21e22190e6a2ef52166aa0a13d89638cc8bd6d07d521630c33e6dOracle web server installations with fcgi-bin/echo suffer from a cross site scripting vulnerability.
c15f625d234b659b83eff0e0187bb1b65a44f4a7f1400da4d1ac668d47f8f949Mathematic7 on Linux suffers from a symlink attack vulnerability. Update for 2011-01-03 - Version 8 is also vulnerable.
ba1b34538e2340ce2f349c4b509a6cfecb9b3b2d190542148c53cc3ed5b20b2cDebian GNU/Linux symbolic link attack arbitrary file ownership proof of concept exploit.
01bb7b87168f7fc7ba6f2ba43602456a44d4690bdb889ce8106189f7ebf3740eFirefox version 2.0.0.10 appears to inherit the charset of a parent page.
724418cd6fb332b578ca7acd25889fd7dc4e96ce25b54811cc3f66a60a0db7d2It appears that /bin/ls has slipped into the linux-ftpd distribution for Debian as setgid 0. This could possibly be used to leverage root group access.
9a2c4c72d6921d08161dd1e56bc5e49f3512f537413ccb2c789a4aa74343f336Eudora 6.2.14 for Windows that was just released is still susceptible to an attachment spoofing vulnerability. Working exploit included.
40feffee7423a8d9403bc9b62c864111246e0808bd8068c7ab5f09b183a516b9Eudora for windows has a buffer overflow in versions 6.1, 6.0.3, and 5.2.1. Sample exploitation included.
e1c845825eb5408eef5c7fae221f1e6a0db42ab375456108da90f20b60b04384Eudora 6.1 still has attachment spoofing flaws along with a Nested MIME DoS vulnerability.
d3024ea6787aa72ecd301f863e452c672b83f691a325455dd8c7f5b291042e9aExploit that performs an attachment spoofing demo for Eudora versions 6.0.3 and below.
0c214a6830a6b38f208d91c88ccce9d0df221e499a4b82c10d438246c122aa6bRemote exploit for Eudora 6.0.1's (on Windows) LaunchProtect feature, which warns the user before running executable attachments. Unfortunately this only works in the attach folder; using spoofed attachments, executables stored elsewhere may run without warning.
b80328406863d0be504957a92ac97cabca2db4fc69884a48e398d8e55f0a64d3The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included.
46bf095b3af47f5a39cd2ce0d8c077e482095e3d43d2cc6b15980c73f2114313
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed