Powered by Deep Web Technologies
Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements March 4, 2013 - 12:27am Addthis PROBLEM: RSA Authentication Agent Lets Remote Users Bypass...

2

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication  

Broader source: Energy.gov (indexed) [DOE]

3: RSA Authentication Agent Lets Remote Users Bypass 3: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements March 4, 2013 - 12:27am Addthis PROBLEM: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements PLATFORM: RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows ABSTRACT: A vulnerability was reported in RSA Authentication Agent. REFERENCE LINKS: RSA SecurCare SecurityTracker Alert ID: 1028230 CVE-2013-0931 IMPACT ASSESSMENT: Medium DISCUSSION: On systems configured for Quick PIN Unlock, the system will request a PIN instead of a full Passcode when the session is activated from an active screensaver after the Quick PIN Unlock timeout has expired. RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and

3

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

704: RSA enVision Lets Remote Users View Files and Remote 704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am Addthis PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. reference LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

4

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

4: RSA enVision Lets Remote Users View Files and Remote 4: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am Addthis PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. reference LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

5

U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

2: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated 2: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates February 28, 2012 - 8:45am Addthis PROBLEM: A vulnerability was reported in PostgreSQL. PLATFORM: Version(s): prior to 8.3.18, 8.4.11, 9.0.7, 9.1.3 ABSTRACT: A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY DEFINER, a remote authenticated user can execute a trigger function and gain elevated privileges CVE-2012-0866.

6

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session  

Broader source: Energy.gov (indexed) [DOE]

5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct 5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks May 14, 2013 - 12:08am Addthis PROBLEM: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks PLATFORM: Tomcat 6.0.21 to 6.0.36, 7.0.0 to 7.0.32 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat SecurityTracker Alert ID: 1028534 CVE-2013-2067 IMPACT ASSESSMENT: High DISCUSSION: A remote user can repeatedly send a specially crafted request for a resource requiring authentication while the target user is completing the login form to cause the FORM authentication process to execute the remote user's request with the privileges of the target user.

7

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

0: JBoss Operations Network LDAP Authentication Bug Lets Remote 0: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication March 21, 2012 - 7:00am Addthis PROBLEM: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication PLATFORM: JBoss Operations Network 2.x ABSTRACT: A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases. reference LINKS: SecurityTracker Alert ID: 1026826 Secunia Advisory SA48471 CVE-2012-1100 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log-in to LDAP-based

8

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Broader source: Energy.gov (indexed) [DOE]

6: Apache CXF Lets Remote Authenticated Users Execute 6: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am Addthis PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF reference LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. Impact: A remote authenticated user can execute potentially unauthorized actions on

9

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Broader source: Energy.gov (indexed) [DOE]

6: Apache CXF Lets Remote Authenticated Users Execute 6: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am Addthis PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF reference LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. Impact: A remote authenticated user can execute potentially unauthorized actions on

10

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain  

Broader source: Energy.gov (indexed) [DOE]

1: RSA Adaptive Authentication Bugs Let Remote Users Bypass 1: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls December 14, 2011 - 8:17am Addthis PROBLEM: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may be able to bypass certain security controls. reference LINKS: SecurityTracker Alert ID: 1026420 Security Focus: ESA-2011-036 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls. A remote user can send specially crafted data elements to affect the Device

11

T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...  

Broader source: Energy.gov (indexed) [DOE]

LDAP Authentication Bug Lets Remote Users Bypass Authentication U-185: OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases T-535: Oracle Critical Patch Update - January 2011...

12

V-223: RSA Authentication Agent for PAM Allows Remote Users to Make  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

3: RSA Authentication Agent for PAM Allows Remote Users to Make 3: RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts V-223: RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts August 21, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in RSA Authentication Agent for PAM PLATFORM: RSA Authentication Agent for PAM 7.0.2 and prior ABSTRACT: A remote user can make unlimited login attempts REFERENCE LINKS: Security Tracker Alert ID 1028930 CVE-2013-3271 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not restrict the number of login attempts made via the agent IMPACT: System Access SOLUTION: Vendor has issued a fix Addthis Related Articles U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability

13

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Broader source: Energy.gov (indexed) [DOE]

7: Samba Bug Lets Remote Authenticated Users Modify Files 7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch Addthis

14

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

84: Cisco Digital Media Manager Lets Remote Authenticated Users 84: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am Addthis PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

15

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

4: Cisco Digital Media Manager Lets Remote Authenticated Users 4: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am Addthis PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

16

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Broader source: Energy.gov (indexed) [DOE]

7: Samba Bug Lets Remote Authenticated Users Modify Files 7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch Addthis

17

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users  

Broader source: Energy.gov (indexed) [DOE]

0: Apache VCL Input Validation Flaw Lets Remote Authenticated 0: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges May 7, 2013 - 12:01am Addthis PROBLEM: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1 ABSTRACT: A vulnerability was reported in Apache VCL. REFERENCE LINKS: Apache Securelist SecurityTracker Alert ID: 1028515 CVE-2013-0267 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.

18

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain  

Broader source: Energy.gov (indexed) [DOE]

8: HP Virtual Server Environment Lets Remote Authenticated 8: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges April 22, 2011 - 7:47am Addthis PROBLEM: A vulnerability was reported in HP Virtual Server Environment. A remote authenticated user can obtain elevated privileges on the target system. PLATFORM: HP Virtual Server Environment prior to v6.3 ABSTRACT: A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. reference LINKS: HP Document ID: c02749050 SecurityTracker Alert ID: 1025429 CVE-2011-1724 HP Insight Software media set 6.3 HP Technical Knowledge Base Discussion: System management and security procedures must be reviewed frequently to

19

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass...  

Broader source: Energy.gov (indexed) [DOE]

Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may...

20

T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid  

Broader source: Energy.gov (indexed) [DOE]

5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker Alert ID:1025190 Secunia Advisory:SA43331 OpenLDAP Issue OpenLDAP Download CVE-2011-1025 IMPACT ASSESSMENT: Medium Discussion: A remote user with knowledge of the target distinguished name can provide an arbitrary password to successfully authenticate on systems using the NDB back-end. Impact: Some vulnerabilities have been reported in OpenLDAP, which can be exploited

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

54: Webmin Flaws Let Remote Authenticated Users Execute 54: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files September 10, 2012 - 6:00am Addthis PROBLEM: Webmin Multiple Input Validation Vulnerabilities PLATFORM: The vulnerabilities are reported in version 1.580. Other versions may also be affected. ABSTRACT: An authenticated attacker may be able to execute arbitrary commands. reference LINKS: Webmin Security Alerts Bugtraq ID: 55446 Secunia Advisory SA50512 SecurityTracker Alert ID: 1027507 US CERT Vulnerability Note VU#788478 CVE-2012-2981 CVE-2012-2982 CVE-2012-2983 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by

22

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication |  

Broader source: Energy.gov (indexed) [DOE]

7: Barracuda SSL VPN Bug Lets Remote Users Bypass 7: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication January 25, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Barracuda SSL VPN. PLATFORM: The vulnerability has been verified to exist in Barracuda SSL VPN version 2.2.2.203 ABSTRACT: A remote user can gain administrative access to the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1028039 Barracuda Networks Advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can set a specially crafted Java system property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database dumps, shutdown the system, and set new administrative

23

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and  

Broader source: Energy.gov (indexed) [DOE]

44: McAfee Email Gateway Lets Remote Users Bypass Authentication 44: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks August 27, 2012 - 7:00am Addthis PROBLEM: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks PLATFORM: McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT: Several vulnerabilities were reported in McAfee Email Gateway. reference LINKS: McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444

24

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and  

Broader source: Energy.gov (indexed) [DOE]

4: McAfee Email Gateway Lets Remote Users Bypass Authentication 4: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks August 27, 2012 - 7:00am Addthis PROBLEM: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks PLATFORM: McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT: Several vulnerabilities were reported in McAfee Email Gateway. reference LINKS: McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444

25

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...  

Broader source: Energy.gov (indexed) [DOE]

or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges. IMPACT: A remote authenticated user can...

26

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

0: Juniper Security Threat Response Manager Lets Remote 0: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands August 17, 2013 - 4:01am Addthis PROBLEM: A remote authenticated user can execute arbitrary commands on the target system. PLATFORM: 2010.0, 2012.0, 2012.1, 2013.1 ABSTRACT: A vulnerability was reported in Juniper Security Threat Response Manager (STRM) REFERENCE LINKS: SecurityTracker Alert ID: 1028921 CVE-2013-2970 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can inject commands to execute arbitrary operating system commands with the privileges of the target web service. This can be exploited to gain shell access on the target device.

27

T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

6: RSA Adaptive Authentication Has Unspecified Remote 6: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw August 18, 2011 - 3:09pm Addthis PROBLEM: A vulnerability was reported in RSA Adaptive Authentication. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3 ABSTRACT: An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session. reference LINKS: Security Tracker: 1025956

28

User Authentication Policy | Argonne Leadership Computing Facility  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Eureka / Gadzooks Eureka / Gadzooks Policies Pullback Policy ALCF Acknowledgment Policy Account Sponsorship & Retention Policy Accounts Policy Data Policy INCITE Quarterly Report Policy Job Scheduling Policy on BG/P Job Scheduling Policy on BG/Q Refund Policy Software Policy User Authentication Policy Documentation Feedback Please provide feedback to help guide us as we continue to build documentation for our new computing resource. [Feedback Form] User Authentication Policy Users of the Argonne production systems are required to use a CRYPTOCard one time password, multifactor authentication system. This document explains the policies users must follow regarding CRYPTOCard tokens for accessing the Argonne resources. MultiFactor Authentication "Authentication systems are frequently described by the authentication

29

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

6: HP-UX Directory Server Discloses Passwords to Remote 6: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May 29, 2013 - 12:32am Addthis PROBLEM: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users PLATFORM: Directory Server B.08.10.04 ABSTRACT: Two vulnerabilities were reported in HP-UX Directory Server. REFERENCE LINKS: HP Document ID: c03772083 SecurityTracker Alert ID: 1028593 CVE-2012-2678 CVE-2012-2746 IMPACT ASSESSMENT: High DISCUSSION: A local user can access the plaintext password in certain cases [CVE-2012-2678]. A remote authenticated user can can view the password for a target LDAP user when audit logging is enabled by reading the audit log [CVE-2012-2678].

30

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-071: Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users...

31

T-606: Sun Java System Access Manager Lets Remote Users Partially Modify  

Broader source: Energy.gov (indexed) [DOE]

06: Sun Java System Access Manager Lets Remote Users Partially 06: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data April 20, 2011 - 3:58am Addthis PROBLEM: Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system. PLATFORM: Sun Java versions 7.1, 8.0 ABSTRACT: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data. reference LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory

32

T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...  

Broader source: Energy.gov (indexed) [DOE]

8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

33

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

0: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain...

34

V-031: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

1: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote 1: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service V-031: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service November 22, 2012 - 3:00am Addthis PROBLEM: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service PLATFORM: Version(s): XC10 2.0.0.0 - 2.0.0.3, 2.1.0.0 - 2.1.0.2 ABSTRACT: Several vulnerabilities were reported in IBM WebSphere DataPower. REFERENCE LINKS: IBM Security Bulletin SecurityTracker Alert ID: 1027798 CVE-2012-5758 CVE-2012-5759 CVE-2012-5756 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in IBM WebSphere DataPower. A remote

35

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass  

Broader source: Energy.gov (indexed) [DOE]

7: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users 7: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information August 31, 2011 - 12:00pm Addthis PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information. PLATFORM: Apache Tomcat 5.5.0 to 5.5.33, 6.0.0 to 6.0.33, 7.0.0 to 7.0.20 ABSTRACT: Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information. reference LINKS: SecurityTracker Alert ID: 1025993 CVE-2011-3190 (under review) Apache Tomcat Security Updates IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache Tomcat. A remote user can bypass

36

U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated  

Broader source: Energy.gov (indexed) [DOE]

11: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote 11: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories July 12, 2012 - 7:00am Addthis PROBLEM: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories PLATFORM: EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2 EMC VNX versions 7.0.12.0 through 7.0.53.1 EMC VNXe 2.0 (including SP1, SP2, and SP3) EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1) EMC VNXe MR2 (including SP0.1) ABSTRACT: A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system. reference LINKS: The Vendor's Advisory

37

Challenges and architectural approaches for authenticating mobile users  

Science Journals Connector (OSTI)

This paper casts an architectural eye at existing work on security and privacy in mobile computing. Specifically, it focuses on authentication as it leads up to access control from two points of view: servicer providers granting access to users, and ... Keywords: access control, anonymity, authentication, mobile computing, trust, ubiquitous computing, user mobility

Joo Pedro Sousa

2008-05-01T23:59:59.000Z

38

T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticate...  

Broader source: Energy.gov (indexed) [DOE]

A vulnerability was reported in RSA Adaptive Authentication. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3 ABSTRACT: An issue with...

39

T-606: Sun Java System Access Manager Lets Remote Users Partially...  

Broader source: Energy.gov (indexed) [DOE]

LINKS: SecurityTracker Alert ID: 1025408 CVE-2011-0844 CVE-2011-0847 Oracle Critical Patch Update Advisory IMPACT ASSESSMENT: Medium Discussion: A remote authenticated user can...

40

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users  

Broader source: Energy.gov (indexed) [DOE]

9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain 9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication May 1, 2012 - 7:00am Addthis PROBLEM: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. reference LINKS: SecurityTracker Alert ID: 1026990 CVE-2011-3620 Red Hat advisory IMPACT ASSESSMENT: High Discussion: Qpid may accept arbitrary passwords and SASL mechanims. A remote user on the local private interconnect network with knowledge of a valid cluster

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass  

Broader source: Energy.gov (indexed) [DOE]

7: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass 7: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access August 29, 2012 - 6:00am Addthis PROBLEM: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access PLATFORM: EMC Cloud Tiering Appliance (CTA) 7.4 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior EMC Cloud Tiering Appliance (CTA) 9.0 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior ABSTRACT: A vulnerability was reported in EMC Cloud Tiering Appliance. reference LINKS: SecurityTracker Alert ID: 1027448 Bugtraq ID: 55250 EMC.com CVE-2012-2285 IMPACT ASSESSMENT:

42

U-201: HP System Management Homepage Bugs Let Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

1: HP System Management Homepage Bugs Let Remote Users Deny 1: HP System Management Homepage Bugs Let Remote Users Deny Service U-201: HP System Management Homepage Bugs Let Remote Users Deny Service June 28, 2012 - 7:00am Addthis PROBLEM: A vulnerability was reported in HP System Management Homepage. PLATFORM: Version(s): prior to 7.1.1 ABSTRACT: The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Reference links: Original Advisory Security Tracker ID 1027209 CVE-2012-2012, CVE-2012-2013, CVE-2012-2014 CVE-2012-2015, CVE-2012-2016 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP System Management Homepage. A remote authenticated user can gain elevated privileges. A remote authenticated

43

V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and  

Broader source: Energy.gov (indexed) [DOE]

6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in Cisco Wireless LAN Controller. PLATFORM: The vulnerabilities are reported in: Cisco 2000 Series WLC Cisco 2100 Series WLC Cisco 2500 Series WLC Cisco 4100 Series WLC Cisco 4400 Series WLC Cisco 5500 Series WLC Cisco 7500 Series WLC Cisco 8500 Series WLC Cisco 500 Series Wireless Express Mobility Controllers Cisco Wireless Services Module (Cisco WiSM) Cisco Wireless Services Module version 2 (Cisco WiSM version 2)

44

V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and  

Broader source: Energy.gov (indexed) [DOE]

3: Cisco TelePresence TC and TE Bugs Let Remote Users Deny 3: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access June 21, 2013 - 6:00am Addthis PROBLEM: Three vulnerabilities were reported in Cisco TelePresence TC and TE PLATFORM: The following product models are affected by the vulnerabilities: Cisco TelePresence MX Series Cisco TelePresence System EX Series Cisco TelePresence Integrator C Series Cisco TelePresence Profiles Series running Cisco TelePresence Quick Set Series Cisco IP Video Phone E20 ABSTRACT: Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an

45

U-031: Microsoft Active Directory CRL Validation Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

1: Microsoft Active Directory CRL Validation Flaw Lets Remote 1: Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication U-031: Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication November 9, 2011 - 8:30am Addthis PROBLEM: Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Active Directory Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for 32-bit Systems Service Pack 1

46

U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

31: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service 31: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service August 9, 2012 - 7:00am Addthis PROBLEM: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service PLATFORM: Version(s): ASA 5500 Series; 8.2 - 8.4 ABSTRACT: Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions. reference LINKS: Release Notes for the Cisco ASA 5500 Series, 8.4(x) SecurityTracker Alert ID: 1027355 CVE-2012-2472 CVE-2012-2474 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in Cisco ASA. 1. On systems with SIP inspection enabled, a remote user can send specially crafted SIP traffic to cause the target device to create many identical

47

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

8: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary 8: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code January 25, 2012 - 6:00am Addthis PROBLEM: A remote user can execute arbitrary code on the target system. PLATFORM: Version(s): 12.5 SP3; pcAnywhere Solutions 7.1 GA, SP 1, and SP 2 ABSTRACT: Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system. reference LINKS: Symantec Advisory Secunia Advisory SecurityTracker Alert ID:102576 IMPACT ASSESSMENT: Medium Discussion: A remote user can send specially crafted data to TCP port 5631 to trigger a but in the validation of authentication data and execute arbitrary code.

48

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints |  

Broader source: Energy.gov (indexed) [DOE]

0: Apache Tomcat Bug Lets Remote Users Bypass Security 0: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints December 5, 2012 - 1:00am Addthis PROBLEM: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints PLATFORM: Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat Red Hat Bugzilla - Bug 883634 SecurityTracker Alert ID: 1027833 CVE-2012-3546 IMPACT ASSESSMENT: High DISCUSSION: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to

49

U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site  

Broader source: Energy.gov (indexed) [DOE]

7: Red Hat Certificate System Bugs Let Remote Users Conduct 7: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks July 20, 2012 - 7:00am Addthis PROBLEM: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks PLATFORM: Red Hat Certificate System v8 ABSTRACT: Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate. reference LINKS: Advisory: RHSA-2012:1103-1 SecurityTracker Alert ID: 1027284 CVE-2012-2662 CVE-2012-3367 IMPACT ASSESSMENT: Medium Discussion: The Agent and End Entity pages do not properly filter HTML code from

50

U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

6: Cisco Small Business SRP500 Series Bug Lets Remote Users 6: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands November 3, 2011 - 8:15am Addthis PROBLEM: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands. PLATFORM: The following models are affected when running firmware prior to version 1.1.24: Cisco SRP521W Cisco SRP526W Cisco SRP527W The following models are affected when running firmware prior to version 1.2.1: Cisco SRP541W Cisco SRP546W Cisco SRP547W ABSTRACT: A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system. reference LINKS: Advisory ID: cisco-sa-20111102-srp500 SecurityTracker Alert ID: 1026266

51

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Broader source: Energy.gov (indexed) [DOE]

95: RSA Authentication Manager Lets Local Users View the 95: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password July 9, 2013 - 12:51am Addthis PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password PLATFORM: RSA Authentication Manager 7.1, 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA IMPACT ASSESSMENT: Medium DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

52

V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain  

Broader source: Energy.gov (indexed) [DOE]

3: Adobe ColdFusion Bugs Let Remote Users Gain Access and 3: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information January 7, 2013 - 1:00am Addthis PROBLEM: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX REFERENCE LINKS: Adobe Security Bulletin APSA13-01 SecurityTracker Alert ID: 1027938 CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 IMPACT ASSESSMENT: High DISCUSSION: A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.

53

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

2: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially...

54

U-047: Siemens Automation License Manager Bugs Let Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or...

55

V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

2: Samba smbd CPU Processing Loop Lets Remote Users Deny 2: Samba smbd CPU Processing Loop Lets Remote Users Deny Service V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service August 6, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Samba PLATFORM: Samba 3.0.x - 4.0.7 ABSTRACT: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection REFERENCE LINKS: Secunia Advisory SA54436 Samba Security Release CVE-2013-4124 IMPACT ASSESSMENT: Medium DISCUSSION: A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This

56

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

V-057: eXtplorer "ext_find_user()" Authentication Bypass V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

57

T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

3: Windows Remote Desktop Client DLL Loading Error Lets Remote 3: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code March 9, 2011 - 3:05pm Addthis PROBLEM: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution. PLATFORM: Remote Desktop Connection Client Version(s): 5.2, 6.0, 6.1, 7.0 ABSTRACT: A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Microsoft Security Bulletin MS11-017 SecurityTracker Alert ID:1025172 CVE-2011-0029 IMPACT ASSESSMENT: Moderate Discussion: A remote user can create a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target user opens a valid Remote

58

U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

0: Apple Remote Desktop Encryption Failure Lets Remote Users 0: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information August 21, 2012 - 7:00am Addthis PROBLEM: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information PLATFORM: Apple Remote Desktop after 3.5.1 and prior to 3.6.1 ABSTRACT: A remote user can monitor potentially sensitive information. reference LINKS: Apple.com Apple Article: HT5433 SecurityTracker Alert ID: 1027420 CVE-2012-0681 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apple Remote Desktop. When a user connects to a third-party VNC server with the 'Encrypt all network data' setting enabled, network data is not encrypted. A remote user monitoring the

59

U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code | Department  

Broader source: Energy.gov (indexed) [DOE]

6: Apple iOS Bugs Let Remote Users Execute Arbitrary Code 6: Apple iOS Bugs Let Remote Users Execute Arbitrary Code U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code November 15, 2011 - 8:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Let Local Users Bypass Authentication. PLATFORM: iOS 3.0 through 5.0 for iPhone 3GS iPhone 4 and iPhone 4S iOS 3.1 through 5.0 for iPod touch (3rd generation) and later iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 ABSTRACT: A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system. reference LINKS: Apple Security Article: HT5052 Apple Product Security SecurityTracker Alert ID: 1026311 IMPACT ASSESSMENT:

60

T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated  

Broader source: Energy.gov (indexed) [DOE]

2: VMware vFabric tc Server Lets Remote Users Login Using 2: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 - 3:47pm Addthis PROBLEM: A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password. PLATFORM: Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01 ABSTRACT: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords. reference LINKS: SecurityTracker Alert ID: 1025923 VMware VFabric Download CVE-2011-0527 IMPACT ASSESSMENT: Medium Discussion: If the system stores passwords used for JMX authentication in an obfuscated form, a remote user can use the password in obfuscated form (or in plain

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

7: eXtplorer "ext_find_user()" Authentication Bypass 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug. IMPACT: An error within the "ext_find_user()" function in users.php can be

62

U-024: IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

024: IBM Lotus Sametime Configuration Servlet Lets Remote Users 024: IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data U-024: IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data November 1, 2011 - 8:15am Addthis PROBLEM: IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data. PLATFORM: All Sametime Platforms : 7.0, 7.5, 7.5.1, 7.5.1.1, 7.5.1.2, 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.1.1, 8.5.2 ABSTRACT: A remote user can obtain configuration information. reference lINKS: IBM Sametime Security Bulletin SecurityTracker Alert ID: 1026255 CVE-2011-1370 IMPACT ASSESSMENT: Medium Discussion: The Sametime server contains a configuration servlet that is accessed by several Sametime server processes. By default, this servlet does not require authentication, which could potentially allow an unauthorized user

63

V-231: Cisco Identity Services Engine Discloses Authentication Credentials  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

1: Cisco Identity Services Engine Discloses Authentication 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services Engine REFERENCE LINKS: SecurityTracker Alert ID: 1028965 CVE-2013-3471 IMPACT ASSESSMENT: Meduim DISCUSSION: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials.The system stores the username and password of an authenticated user within hidden HTML form fields. A

64

T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code...

65

U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

1: Citrix Provisioning Services Unspecified Flaw Lets Remote 1: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code May 3, 2012 - 7:00am Addthis PROBLEM: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: 6.1 and prior ABSTRACT: A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system. reference LINKS: SecurityTracker Alert ID: 1027004 Secunia Advisory SA48971 Citrix advisory IMPACT ASSESSMENT: Medium Discussion: A remote user can send a specially crafted packet to trigger an unspecified flaw and execute arbitrary code on the target system. The code will run with the privileges of the target service.

66

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users  

Broader source: Energy.gov (indexed) [DOE]

5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, 5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information November 2, 2012 - 6:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information PLATFORM: Apple iOS prior to 6.0.1 ABSTRACT: Three vulnerabilities were reported in Apple iOS. REFERENCE LINKS: Apple Article: HT5567 SecurityTracker Alert ID: 1027716 Bugtraq ID: 56363 CVE-2012-3748 CVE-2012-3749 CVE-2012-3750 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the

67

SECURING UNFAMILAR SYSTEM ENTRY POINTS AGAINST FAULTY USER AUTHENTICATION VIA  

E-Print Network [OSTI]

of electromagnetic interference produced by these circuits. Furthermore, this paper outlines a novel approach to user the electromagnetic interference produced by the keyboard device, making it considerably harder to isolate

Thornton, Mitchell

68

T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users...  

Office of Environmental Management (EM)

727:Microsoft Windows SSLTLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSLTLS Protocol Flaw Lets Remote Users Decryption Sessions September 27,...

69

T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary...  

Broader source: Energy.gov (indexed) [DOE]

Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct...

70

U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially...  

Broader source: Energy.gov (indexed) [DOE]

63: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code U-163: PHP Command Parameter Bug Lets Remote Users Obtain...

71

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and...  

Broader source: Energy.gov (indexed) [DOE]

Flaw Lets Remote Users Execute Arbitrary Commands V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code U-058: Apache Struts Conversion Error...

72

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

Code U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute...

73

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Broader source: Energy.gov (indexed) [DOE]

8: Oracle Database Authentication Protocol Discloses Session 8: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am Addthis PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. reference LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium Discussion: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

74

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Broader source: Energy.gov (indexed) [DOE]

8: Oracle Database Authentication Protocol Discloses Session 8: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am Addthis PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. reference LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium Discussion: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

75

A Primary User Authentication System for Mobile Cognitive Radio Networks  

E-Print Network [OSTI]

portion of the licensed spectrum to establish network commu- nications. Essential to the co Cognitive radio technology is expected to increase the spectrum utilization by allowing opportunistic use of the idle portion of the licensed spectrum by Secondary (unlincensed) Users (SUs) [1], [9], [15], [17

Lazos, Loukas

76

U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users  

Broader source: Energy.gov (indexed) [DOE]

4: Apple OS X Lets Remote Users Execute Arbitrary Code and 4: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges September 20, 2012 - 6:00am Addthis U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges September 20, 2012 - 6:00am PROBLEM: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges PLATFORM: Apple OS X ABSTRACT: Several vulnerabilities were reported in Apple OS X. reference LINKS: Apple Security Article: HT5501 SecurityTracker Alert ID: 1027551 CVE-2012-0650 CVE-2012-3716 CVE-2012-3718 CVE-2012-3719 CVE-2012-3720 CVE-2012-3721 CVE-2012-3722 CVE-2012-3723 IMPACT ASSESSMENT: Medium Discussion: If the DirectoryService Proxy is used, a remote user can trigger a buffer

77

U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users  

Broader source: Energy.gov (indexed) [DOE]

4: Apple OS X Lets Remote Users Execute Arbitrary Code and 4: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges September 20, 2012 - 6:00am Addthis U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges September 20, 2012 - 6:00am PROBLEM: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges PLATFORM: Apple OS X ABSTRACT: Several vulnerabilities were reported in Apple OS X. reference LINKS: Apple Security Article: HT5501 SecurityTracker Alert ID: 1027551 CVE-2012-0650 CVE-2012-3716 CVE-2012-3718 CVE-2012-3719 CVE-2012-3720 CVE-2012-3721 CVE-2012-3722 CVE-2012-3723 IMPACT ASSESSMENT: Medium Discussion: If the DirectoryService Proxy is used, a remote user can trigger a buffer

78

Enhancing security of electronic health records through grid-based user authentication scheme  

Science Journals Connector (OSTI)

Medical research and electronic health record (EHR) maintenance involves large databases that are geographically distributed which calls naturally for a grid computing environment. Huge data in medical image analysis, storage and genome processing demand large medical data storage and computing power. Data sharing, software specialisation and data processing which occur in a heterogeneous way tend to make use of the grid computing environment for the medical field. The security solution for authentication in the existing grid environment is non-scalable. This major drawback can hinder the growth of the user community in the medical field. A simple user authentication scheme is proposed, which enhances the security of the overall system but takes less time for execution and lesser communication cost.

G. Jaspher Willsie Kathrine; E. Kirubakaran; Elijah Blessing Rajsingh

2014-01-01T23:59:59.000Z

79

U-223: Bugzilla May Disclose Confidential Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

3: Bugzilla May Disclose Confidential Information to Remote 3: Bugzilla May Disclose Confidential Information to Remote Users U-223: Bugzilla May Disclose Confidential Information to Remote Users July 30, 2012 - 7:00am Addthis PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 ABSTRACT: Two vulnerabilities were reported in Bugzilla. reference LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586 IMPACT ASSESSMENT: High Discussion: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments

80

T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users  

Broader source: Energy.gov (indexed) [DOE]

41: Citrix Provisioning Services Unspecified Flaw Let's Remote 41: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code January 24, 2011 - 5:34pm Addthis PROBLEM: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code PLATFORM: * Provisioning Services 5.1 * Provisioning Services 5.6 ABSTRACT: A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server. This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6. reference LINKS:

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

U-223: Bugzilla May Disclose Confidential Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

3: Bugzilla May Disclose Confidential Information to Remote 3: Bugzilla May Disclose Confidential Information to Remote Users U-223: Bugzilla May Disclose Confidential Information to Remote Users July 30, 2012 - 7:00am Addthis PROBLEM: Bugzilla May Disclose Confidential Information to Remote Users PLATFORM: Version(s): 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 ABSTRACT: Two vulnerabilities were reported in Bugzilla. reference LINKS: The Vendor's Advisory Security Advisories CVE-2012-1969 CVE-2012-1968 SecurityTracker Alert ID: 1027320 Bug 777586 IMPACT ASSESSMENT: High Discussion: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and attachments

82

U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov [DOE]

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

83

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA®  

Broader source: Energy.gov (indexed) [DOE]

7: RSA® Authentication Agent 7.1 for Microsoft Windows® and 7: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability September 25, 2012 - 6:00am Addthis PROBLEM: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability PLATFORM: Product: RSA Authentication Agent for Microsoft Windows version 7.1 Platforms: Windows XP and Windows 2003 Product: RSA Authentication Client 3.5 Platforms: Windows XP and Windows 2003 ABSTRACT: RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662

84

U-051: Skype Discloses IP Addresses to Remote Users | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

51: Skype Discloses IP Addresses to Remote Users 51: Skype Discloses IP Addresses to Remote Users U-051: Skype Discloses IP Addresses to Remote Users December 5, 2011 - 7:00am Addthis PROBLEM: A remote user can determine the IP address of a Skype user. PLATFORM: Skype application ABSTRACT: Skype Discloses IP Addresses to Remote Users reference LINKS: SecurityTracker Alert ID: 1026370 Forbes: Skype Flaw IMPACT ASSESSMENT: High Discussion: A remote user can initiate a Skype call to a target user to determine the target user's IP address and then terminate the call before the target user's Skype application has indicated an incoming call. The remote user does not need to be on the target user's contact list. Armed with an IP address, hackers can uncover specific information about victims, including who they chat with, what they download while online, and

85

U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

1: Google Chrome Out-of-Bounds Write Error Lets Remote Users 1: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code November 18, 2011 - 9:00am Addthis PROBLEM: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Version(s) prior to 15.0.874.121 ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Stable Channel Update CVE-2011-3900 SecurityTracker Alert ID: 1026338 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user,

86

T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code,  

Broader source: Energy.gov (indexed) [DOE]

3: Apple Safari Multiple Flaws Let Remote Users Execute 3: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks July 21, 2011 - 1:27am Addthis PROBLEM: Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. A remote user can bypass a certificate validation control. PLATFORM: Safari 5.1 and Safari 5.0.6 Products Affected: Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5), Product Security, Safari 5.1 (OS X Lion) ABSTRACT: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code,

87

U-258: Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

8: Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary 8: Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code U-258: Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code September 12, 2012 - 1:07pm Addthis PROBLEM: Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: 11.3.300.270 and prior (Windows, OS X); 11.2.202.236 and prior (Linux); 11.3.300.270 and prior (Chrome) ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system. Reference LINKS: CVE-2012-1535 AdobeSecurity/bulletins SecurityTracker IMPACT ASSESSMENT: High Discussion: Vulnerability was reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted file that, when loaded by the target user,

88

U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

80: Linux Kernel XFS Heap Overflow May Let Remote Users Execute 80: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code January 12, 2012 - 9:00am Addthis PROBLEM: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code PLATFORM: Linux ABSTRACT: A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Linux Kernel Update SecurityTracker Alert ID: 1026512 CVE-2012-0038 Red Hat Bugzilla Bug 773280 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a filesystem that, when mounted by the target user, will execute arbitrary code on the target user's system. Impact: A remote user can create a specially crafted filesystem that, when mounted

89

U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and  

Broader source: Energy.gov (indexed) [DOE]

76: OpenSSL Bugs Let Remote Users Deny Service, Obtain 76: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code January 6, 2012 - 8:15am Addthis PROBLEM: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code PLATFORM: OpenSSL prior to 0.9.8s; 1.x prior to 1.0.0f ABSTRACT: A remote user may be able to execute arbitrary code on the target system. reference LINKS: SecurityTracker Alert ID: 1026485 OpenSSL Security Advisory IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the

90

U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute  

Broader source: Energy.gov (indexed) [DOE]

075: Apache Struts Bug Lets Remote Users Overwrite Files and 075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code U-075: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code January 5, 2012 - 8:15am Addthis PROBLEM: Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code PLATFORM: Version(s): 2.1.0 - 2.3.1 ABSTRACT: A remote user can execute arbitrary Java code on the target system. reference LINKS: SecurityTracker Alert ID: 1026484 Secunia Advisory SA47393 Bugtraq ID: 51257 Apache Struts 2 Documentation S2-008 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache Struts. A remote user can execute arbitrary Java code on the target system. A remote user can overwrite arbitrary files on the target system. A remote user can send specially

91

T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls...

92

T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

79: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code March 15, 2011 - 5:05pm...

93

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

48: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory June 16, 2011 -...

94

T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site...  

Broader source: Energy.gov (indexed) [DOE]

Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks...

95

T-692: VMware vFabric tc Server Lets Remote Users Login Using...  

Broader source: Energy.gov (indexed) [DOE]

2: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 -...

96

U-201: HP System Management Homepage Bugs Let Remote Users Deny...  

Broader source: Energy.gov (indexed) [DOE]

01: HP System Management Homepage Bugs Let Remote Users Deny Service U-201: HP System Management Homepage Bugs Let Remote Users Deny Service June 28, 2012 - 7:00am Addthis PROBLEM:...

97

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

98

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-052:...

99

V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code...  

Broader source: Energy.gov (indexed) [DOE]

Code V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code March 5, 2013 - 12:53am Addthis PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code...

100

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof...  

Broader source: Energy.gov (indexed) [DOE]

39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20,...

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

V-015: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...  

Broader source: Energy.gov (indexed) [DOE]

5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Local Users Bypass the Screen Lock, and Applications Obtain Kernel Address Information V-015: Apple iOS Bugs Let Remote...

102

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

84: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code August 4, 2011 - 3:33pm...

103

U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code June 6, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities were reported in Mozilla Firefox. PLATFORM: Version(s): prior to 13.0 ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. Reference Links: Security Tracker ID 1027120 CVE-2012-0441,CVE-2012-1937 Vendor URL IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2012-1937 , CVE-2012-1938, CVE-2012-1939 ].

104

V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking  

Broader source: Energy.gov (indexed) [DOE]

4: Google Chrome Flash Plug-in Lets Remote Users Conduct 4: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 - 12:56am Addthis PROBLEM: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks PLATFORM: Google Chrome prior to 27.0.1453.116 ABSTRACT: A vulnerability was reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028694 CVE-2013-2866 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted Flash content that, when loaded by the target user, will display the Flash settings in a transparent manner, which may allow the remote user to cause the target user to modify their Flash settings. This may allow the remote user to obtain potentially

105

U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

18: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 18: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information March 6, 2012 - 7:00am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information PLATFORM: Adobe Flash Player 10.x, Adobe Flash Player 11.x ABSTRACT: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially information. reference LINKS: Secunia Advisory SA48281 CVE-2012-0769 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error in Matrix3D and execute

106

U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service  

Broader source: Energy.gov [DOE]

Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

107

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code 3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 6.0.3 ABSTRACT: Two vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

108

V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code 3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 6.0.3 ABSTRACT: Two vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple security update, Article: HT1222 SecurityTracker Alert ID: 1028292 CVE-2013-0960 CVE-2013-0961 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. IMPACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

109

U-168: EMC Documentum Information Rights Management Server Bugs Let Remote  

Broader source: Energy.gov (indexed) [DOE]

168: EMC Documentum Information Rights Management Server Bugs Let 168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service May 14, 2012 - 7:00am Addthis PROBLEM: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service PLATFORM: Information Rights Management Server 4.x, 5.x ABSTRACT: Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions. Reference links: SecurityTracker Alert ID: 1027058 CVE-2012-2276 CVE-2012-2277 IMPACT ASSESSMENT: High Discussion: A remote authenticated user can send specially crafted data to trigger a NULL pointer dereference and cause the target service to crash. A remote

110

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

5: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 5: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 8, 2011 - 8:30am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code . PLATFORM: Adobe Flash Player 11.1.102.55 on Windows and Mac OS X and prior versions ABSTRACT: Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player. reference LINKS: Secunia Advisory: SA47161 SecurityTracker Alert ID: 1026392 CVE-2011-4693 CVE-2011-4694 IMPACT ASSESSMENT: High Discussion: A remote or local user can obtain potentially sensitive information. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted SWF file that, when

111

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

U-213: Google Chrome Multiple Flaws Let Remote Users Execute U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. reference LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

112

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

33: Google Chrome Multiple Flaws Let Remote Users Execute 33: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 26, 2012 - 3:35am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 17.0.963.83 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026841 CVE-2011-3049 Secunia Advisory SA48512 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur

113

U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

3: Google Chrome Multiple Flaws Let Remote Users Execute 3: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code April 9, 2012 - 7:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 18.0.1025.151 ABSTRACT: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026892 CVE-2011-3066 Secunia Advisory SA48732 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. An out-of-bounds memory

114

T-683:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

83:Google Chrome Multiple Flaws Let Remote Users Execute 83:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-683:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code August 3, 2011 - 3:45pm Addthis PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Google Chrome prior to 13.0.782.107 ABSTRACT: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code. reference LINKS: Google Chrome advisory Update Chromium Security SecurityTracker Alert ID: 1025882 CVE-2011-2819 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

115

U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code 136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code March 29, 2012 - 7:00am Addthis PROBLEM: Adobe Flash Player Lets Remote Users Execute Arbitrary Code PLATFORM: 11.1.102.63 and prior versions ABSTRACT: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. rEFERENCE LINKS: SecurityTracker Alert ID: 1026859 CVE-2012-0772 Security update available for Adobe Flash Player IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A memory corruption

116

U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

3: Google Chrome Multiple Flaws Let Remote Users Execute 3: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-213: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code July 16, 2012 - 7:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 20.0.1132.57 ABSTRACT: Several vulnerabilities were reported in Google Chrome. reference LINKS: Stable Channel Update SecurityTracker Alert ID: 1027249 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

117

U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

70: Apple QuickTime Multiple Flaws Let Remote Users Execute 70: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code May 16, 2012 - 7:00am Addthis PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: prior to 7.7.2 ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. Reference LINKS: SecurityTracker Alert ID: 1027065 CVE-2012-0265 CVE-2012-0663 CVE-2012-0664 CVE-2012-0665 CVE-2012-0666 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Only Windows-based systems

118

T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute  

Broader source: Energy.gov (indexed) [DOE]

2: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and 2: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code June 22, 2011 - 2:55pm Addthis PROBLEM: Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2011-2364, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376]. The code will run with the privileges of the target user. PLATFORM: Mozilla Thunderbird prior to 3.1.11

119

U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service  

Broader source: Energy.gov (indexed) [DOE]

07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny 07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am Addthis PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. reference LINKS: Cisco Advisory SecurityTracker Alert ID:1026692 CVE-2012-0352 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. A remote user can send a specially crafted IP packet to cause the target device to reload. The vulnerability occurs when the device attepts to obtain Layer 4 (e.g.,

120

U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

8: HP LaserJet Printers Unspecified Flaw Lets Remote Users 8: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code November 30, 2011 - 8:15am Addthis PROBLEM: HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code . PLATFORM: HP LaserJet Printers manufactured prior to 2009 ABSTRACT A remote user can upgrade the printer's firmware with arbitrary code. reference LINKS: SecurityTracker Alert ID:1026357 HP Security for Imaging and Printing HP Clarifies on Printer Security IMPACT ASSESSMENT: Low Discussion: A vulnerability was reported in some HP LaserJet Printers. A remote user can update the firmware with arbitrary code. A remote user can send a specially crafted print job or specially crafted data to the

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially  

Broader source: Energy.gov (indexed) [DOE]

3: PHP Command Parameter Bug Lets Remote Users Obtain 3: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code May 7, 2012 - 7:00am Addthis PROBLEM: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code PLATFORM: Prior to 5.3.12 and 5.4.2 ABSTRACT: A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system. reference LINKS: SecurityTracker Alert ID: 1027022 CVE-2012-1823 CVE-2012-2311 IMPACT ASSESSMENT: High Discussion: A remote user can submit a specially crafted request containing a command

122

T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially Execute  

Broader source: Energy.gov (indexed) [DOE]

T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code September 1, 2011 - 12:00pm Addthis PROBLEM: gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. PLATFORM: Pidgin before 2.10.0 on Windows ABSTRACT: Pidgin bugs let remote users deny service and potentially execute arbitrary code. reference LINKS: CVE-2011-3185 CVE-2011-2943 CVE-2011-3184 SecurityTracker Alert ID: 1025961 Pidgin Security Advisories IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in Pidgin. A remote user can cause denial of service conditions. A remote user can cause arbitrary code to be

123

U-047: Siemens Automation License Manager Bugs Let Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

7: Siemens Automation License Manager Bugs Let Remote Users 7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code November 29, 2011 - 9:00am Addthis PROBLEM: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code. PLATFORM: Siemens Automation License Manager 500.0.122.1 ABSTRACT: Several vulnerabilities were reported in Siemens Automation License Manager. reference LINKS: SecurityTracker Alert ID: 1026354 Bugtraq Siemens Advisory Services IMPACT ASSESSMENT: Medium Discussion: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can send specially crafted *_licensekey commands to trigger a

124

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

6: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary 6: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am Addthis PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

125

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users 5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am Addthis PROBLEM: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions. PLATFORM: McAfee Email Gateway (MEG) 7.5 ABSTRACT: A remote user can cause the SMTP proxy to stop responding. REFERENCE LINKS: SecurityTracker Alert ID: 1028941 GENERIC-MAP-NOMATCH IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in McAfee Email Gateway. A remote user can cause denial of service conditions.A remote user can send a specially crafted e-mail to cause the ws_inv-smtp process to enter an infinite loop and cause the target SMTP proxy to stop responding.

126

U-072:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service  

Broader source: Energy.gov (indexed) [DOE]

72:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny 72:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service U-072:Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service December 30, 2011 - 9:15am Addthis PROBLEM: Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service PLATFORM: apache Tomcat 5.5.34, 6.0.34, 7.0.22; and prior versions aBSTRACT: A remote user can cause performance to degrade on the target server. reference LINKS: Apache Tomcat Security Alert SecurityTracker Alert ID: 1026477 nruns Advisory SA-2011.004 Secunia Advisory SA47411 CVE-2011-4084 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions. A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance

127

V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

6: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary 6: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2012 - 6:00am Addthis PROBLEM: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: CA ARCserve Backup for Windows r12.5, r15, r16 ABSTRACT: Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. REFERENCE LINKS: SecurityTracker Alert ID: 1027683 CA Technologies Support CVE-2012-2971 CVE-2012-2972 IMPACT ASSESSMENT: High DISCUSSION: A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the

128

U-071:HP Database Archiving Software Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

1:HP Database Archiving Software Bugs Let Remote Users Execute 1:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code U-071:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am Addthis PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. reference LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. Impact: A remote user can execute arbitrary code on the target system. Solution:

129

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access  

Broader source: Energy.gov (indexed) [DOE]

5: Apache mod_proxy Pattern Matching Bug Lets Remote Users 5: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6, 2011 - 9:30am Addthis PROBLEM: Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers. PLATFORM: Apache HTTP Server 1.3.x, 2.2.21 and prior versions ABSTRACT: A remote user can access internal servers. reference LINKS: The Apache HTTP Server Project SecurityTracker Alert ID: 1026144 CVE-2011-3368 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache mod_proxy. A remote user can access internal servers. When this system is configured in reverse proxy mode and uses the RewriteRule or ProxyPassMatch directives with a pattern match, a remote user can send a specially crafted request to access internal

130

U-071:HP Database Archiving Software Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

1:HP Database Archiving Software Bugs Let Remote Users Execute 1:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code U-071:HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code December 29, 2011 - 8:15am Addthis PROBLEM: HP Database Archiving Software Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Database Archiving Software v6.31 ABSTRACT: A remote user can execute arbitrary code on the target system. reference LINKS: HP Database Document ID: c03128302 SecurityTracker Alert ID: 1026467 CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Database Archiving Software. A remote user can execute arbitrary code on the target system. Impact: A remote user can execute arbitrary code on the target system. Solution:

131

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users 131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code March 22, 2012 - 3:47am Addthis PROBLEM: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Photoshop CS5 12.x ABSTRACT: Successful exploitation may allow execution of arbitrary code reference LINKS: SecurityTracker Alert ID: 1026831 Secunia Advisory: SA48457 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target

132

V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

2: Oracle Java Reflection API Flaw Lets Remote Users Execute 2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am Addthis PROBLEM: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 7 Update 21; possibly other versions (1.7.0_21-b11) Java Server JRE is also affected. ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: SecurityTracker Alert ID: 1028466 Oracle IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox. IMPACT: A remote user can create a Java file that, when loaded by the target user,

133

T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

1: Adobe Flash Player Multiple Flaws Let Remote Users Execute 1: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code T-691: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code August 11, 2011 - 3:00pm Addthis PROBLEM: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): 10.3.181.36 and prior; 10.3.185.25 and prior for Android. ABSTRACT: Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code. reference LINKS: Security Bulletin: APSB11-21 SecurityTracker Alert ID: 1025907 CVE-2011-2425 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The

134

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

60: Google Chrome Multiple Flaws Let Remote Users Execute 60: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system reference LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will

135

V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

09: Google Chrome WebKit Type Confusion Error Lets Remote Users 09: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code March 12, 2013 - 12:11am Addthis PROBLEM: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code PLATFORM: Google Chrome prior to 25.0.1364.160 ABSTRACT: A vulnerability was reported in Google Chrome. REFERENCE LINKS: Stable Channel Update SecurityTracker Alert ID: 1028266 CVE-2013-0912 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a type confusion error in WebKit and execute arbitrary code on the target system. The code will run with the privileges

136

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

0: Google Chrome Multiple Flaws Let Remote Users Execute 0: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code May 2, 2012 - 7:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Prior to 18.0.1025.168 ABSTRACT: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system reference LINKS: SecurityTracker Alert ID: 1027001 CVE-2011-3078 CVE-2011-3079 CVE-2011-3080 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will

137

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

7: Google Chrome Multiple Flaws Let Remote Users Execute 7: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code January 9, 2012 - 9:15am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 16.0.912.75 ABSTRACT: A remote user may be able to execute arbitrary code on the target system. reference LINKS: Google Chrome Releases Chromium Security SecurityTracker Alert ID:1026487 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Specially crafted animation frames can trigger a use-after-free memory

138

U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

0:HP Onboard Administrator Unspecified Flaw Lets Remote Users 0:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am Addthis PROBLEM: HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access PLATFORM: Onboard Administrator (OA) 3.21 through 3.31 ABSTRACT: A remote user can gain access to the target system reference LINKS: HP Support document ID: c03048779 SecurityTracker Alert ID: 1026158 CVE-2011-3155 IMPACT ASSESSMENT: Medium Discussion: A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. Impact: A remote user can gain access to the target system. Solution: Onboard Administrator (OA) v3.32 is available.

139

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

5: Google Chrome Multiple Flaws Let Remote Users Execute 5: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code November 28, 2012 - 1:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 23.0.1271.91 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

140

U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

79: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute 79: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code January 11, 2012 - 8:00am Addthis PROBLEM: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat/Reader Version(s): 9.x prior to 9.5, 10.x prior to 10.1.2 ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026496 Adobe Security Bulletin APSB12-01 CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373. IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in Adobe Acrobat/Reader. A remote

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

6: Adobe Shockwave Player Memory Corruption Flaws Let Remote 6: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code May 10, 2012 - 7:00am Addthis PROBLEM: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code PLATFORM: 11.6.4.634 and prior ABSTRACT: Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: SecurityTracker Alert ID: 1027037 CVE-2012-2029 CVE-2012-2030 CVE-2012-2031 CVE-2012-2032 CVE-2012-2033 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and

142

U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source  

Broader source: Energy.gov (indexed) [DOE]

39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS 39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am Addthis PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. Reference LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com The original advisory IMPACT ASSESSMENT: Medum Discussion: A vulnerability was reported in Apple iPhone. A remote user can send an SMS message with a specially crafted User Data Header (UDH) value that specifies an alternate reply address. The recipient's iPhone will display the reply address as the source of the SMS.

143

V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

5: Google Chrome Multiple Flaws Let Remote Users Execute 5: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code November 28, 2012 - 1:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 23.0.1271.91 ABSTRACT: Several vulnerabilities were reported in Google Chrome. REFERENCE LINKS: Release updates from the Chrome team SecurityTracker Alert ID: 1027815 Secunia Advisory SA51437 CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the

144

U-074: Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands,  

Broader source: Energy.gov (indexed) [DOE]

4: Microsoft .NET Bugs Let Remote Users Execute Arbitrary 4: Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users U-074: Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users January 4, 2012 - 8:00am Addthis PROBLEM: Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users . PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2

145

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

10: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 10: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

146

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

7: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code 7: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am Addthis PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

147

T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary |  

Broader source: Energy.gov (indexed) [DOE]

4: Apple QuickTime Multiple Bugs Let Remote Users Execute 4: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary June 24, 2011 - 4:39am Addthis PROBLEM: A vulnerability was reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Version(s): prior to QuickTime 7.6.8 ABSTRACT: A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. reference LINKS: SecurityTracker Alert ID: 1025705 Apple Security Article: HT4339 Apple Security Article: HT4723 Apple Security Article: HT1222 CVE-2011-0213 Secunia Advisory: SA45054 IMPACT ASSESSMENT High Discussion:

148

V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

7: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code 7: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code January 11, 2013 - 12:01am Addthis PROBLEM: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier ABSTRACT: A vulnerability was reported in Oracle Java. REFERENCE LINKS: Seclist.org Vulnerability Note VU#625617 SecurityTracker Alert ID: 1027972 Malware.dontneedcoffee.com CVE-2013-0422 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. This vulnerability is being actively exploited.

149

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB13-09 SecurityTracker Alert ID: 1028277 CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

150

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...  

Broader source: Energy.gov (indexed) [DOE]

21: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information U-121: Apple iOS Bugs Let Remote...

151

T-624: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

4: Novell eDirectory LDAP-SSL Memory Allocation Error Lets 4: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users Deny Service T-624: Novell eDirectory LDAP-SSL Memory Allocation Error Lets Remote Users Deny Service May 17, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in Novell eDirectory. A remote user can cause denial of service conditions. A remote user can send specially crafted data to cause the target service to crash. On Netware-based systems, the system may crash. PLATFORM: Red Hat Enterprise, SuSE,AIX, HP/UX, Solaris, Windows 2000, 2003 ABSTRACT: A remote user can cause denial of service conditions. reference LINKS: Novell eDirectory - LDAP-SSL SECURELIST.ORG SecurityFocus BugTrackID: 47858 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Novell eDirectory. A remote user can cause

152

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

7: Adobe InDesign Server SOAP Interface Lets Remote Users 7: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am Addthis PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

153

U-110: Samba Bug Lets Remote Users Execute Arbitrary Code | Department of  

Broader source: Energy.gov (indexed) [DOE]

0: Samba Bug Lets Remote Users Execute Arbitrary Code 0: Samba Bug Lets Remote Users Execute Arbitrary Code U-110: Samba Bug Lets Remote Users Execute Arbitrary Code February 24, 2012 - 7:30am Addthis PROBLEM: A vulnerability was reported in Samba. PLATFORM: Version(s): prior to 3.4.0 ABSTRACT: A remote user can send specially crafted data to the smbd service to trigger a flaw in chain_reply() and construct_reply() and execute arbitrary code on the target system. reference LINKS: Vendor Advisory Security Tracker ID 1026739 CVE-2012-0870 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Samba. A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to the smbd service to trigger a flaw in chain_reply() and construct_reply() and execute arbitrary code on the target system. The code will run with the

154

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

5: HP IBRIX X9000 Storage Discloses Information to Remote Users 5: HP IBRIX X9000 Storage Discloses Information to Remote Users U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users October 5, 2012 - 6:00am Addthis PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251 ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. reference LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

155

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

4: Apache Traffic Server Host Header Processing Flaw Lets 4: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service March 27, 2012 - 7:00am Addthis PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service PLATFORM: Versions prior to 3.0.4 and 3.1.3 ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. reference LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509 IMPACT ASSESSMENT: High Discussion: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash. Impact: A remote user can cause the target service to crash.

156

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

34: Apache Traffic Server Host Header Processing Flaw Lets 34: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service March 27, 2012 - 7:00am Addthis PROBLEM: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service PLATFORM: Versions prior to 3.0.4 and 3.1.3 ABSTRACT: A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. reference LINKS: SecurityTracker Alert ID: 1026847 CVE-2012-0256 Secunia Advisory SA48509 IMPACT ASSESSMENT: High Discussion: A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash. Impact: A remote user can cause the target service to crash.

157

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

30: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny 30: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service November 21, 2012 - 3:00am Addthis PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10 Update 1 and above for Windows ABSTRACT: Adobe ColdFusion Denial of Service Vulnerability REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-25 SecurityTracker Alert ID: 1027787 Secunia Advisory SA51335 CVE-2012-5674 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions. A remote user can send specially crafted data to cause unspecified denial of service conditions on the target ColdFusion service on Windows Internet

158

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

27: Adobe InDesign Server SOAP Interface Lets Remote Users 27: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands November 19, 2012 - 2:30am Addthis PROBLEM: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands PLATFORM: CS5.5 7.5.0.142; possibly other versions ABSTRACT: Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability REFERENCE LINKS: Secunia Advisory SA48572 SecurityTracker Alert ID: 1027783 Adobe IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system. A remote user can send a specially crafted "RunScript" SOAP message to

159

U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

U-025: HP OpenView Network Node Manager Bugs Let Remote Users U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code U-025: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code November 2, 2011 - 8:00am Addthis PROBLEM: HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows ABSTRACT: A remote user can execute arbitrary code on the target system. reference LINKS: HP Support Center Document ID: c03054052 SecurityTracker Alert ID: 1026260 CVE-2011-1365 CVE-2011-1366 CVE-2011-1367 IMPACT ASSESSMENT: Medium Discussion: Several vulnerabilities were reported in HP OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

160

U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users |  

Broader source: Energy.gov (indexed) [DOE]

5: HP IBRIX X9000 Storage Discloses Information to Remote Users 5: HP IBRIX X9000 Storage Discloses Information to Remote Users U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users October 5, 2012 - 6:00am Addthis PROBLEM: HP IBRIX X9000 Storage Discloses Information to Remote Users PLATFORM: Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251 ABSTRACT: A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. reference LINKS: HP Security Bulletin: c03510876 SecurityTracker Alert ID: 1027590 CVE-2012-3266 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets |  

Broader source: Energy.gov (indexed) [DOE]

7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java 7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in IBM Lotus Notes PLATFORM: IBM Notes 8.0.x, 8.5.x, 9.0 ABSTRACT: A remote user can cause Java applets to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028504 IBM Security Bulletin 1633819 CVE-2013-0127 CVE-2013-0538 IMPACT ASSESSMENT: Medium DISCUSSION: The mail client does not filter 'applet' and 'javascript' tags in HTML-based email messages. A remote user can send a specially crafted email message that, when loaded by the target user, will execute arbitrary Java code on the target system. The code will run with the privileges of the

162

V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets |  

Broader source: Energy.gov (indexed) [DOE]

7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java 7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in IBM Lotus Notes PLATFORM: IBM Notes 8.0.x, 8.5.x, 9.0 ABSTRACT: A remote user can cause Java applets to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028504 IBM Security Bulletin 1633819 CVE-2013-0127 CVE-2013-0538 IMPACT ASSESSMENT: Medium DISCUSSION: The mail client does not filter 'applet' and 'javascript' tags in HTML-based email messages. A remote user can send a specially crafted email message that, when loaded by the target user, will execute arbitrary Java code on the target system. The code will run with the privileges of the

163

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

7: Google Chrome Multiple Flaws Let Remote Users Execute 7: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code October 9, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were reported in Google Chrome. reference LINKS: SecurityTracker Alert ID: 1027617 Stable Channel Update CVE-2012-2900 CVE-2012-5108 CVE-2012-5109 CVE-2012-5110 CVE-2012-5111 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A crash may occur in Skia text rendering [CVE-2012-2900].

164

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov (indexed) [DOE]

74: Google Chrome Multiple Flaws Let Remote Users Execute 74: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm Addthis PROBLEM: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker. PLATFORM: Google Chrome prior to 10.0.648.127 ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system. reference LINKS: Secunia Advisory: SA43683 Google Chrome Support Chrome Stable Release SecurityTracker Alert ID:1025181

165

T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

45: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets 45: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: Security Tracker Alert CVE-2010-4393 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted AVI file that, when loaded by the target user, will trigger a heap corruption error in 'vidplin.dll' and execute arbitrary code on the target system. The code will run with the

166

T-723:Adobe Flash Player Multiple Bugs Let Remote Users Obtain...  

Broader source: Energy.gov (indexed) [DOE]

Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code T-723:Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct...

167

U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users...  

Energy Savers [EERE]

Netcool Reporter Support and Downloads . Addthis Related Articles U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-048:...

168

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny...  

Broader source: Energy.gov (indexed) [DOE]

Impact: A remote user can cause the target system to crash. Solution: IBM has issued a patch available via ftp at "aix.software.ibm.comaixefixessecuritylargesendfix.tar" The...

169

U-131: Adobe Photoshop TIFF Image Heap Overflow Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

time of this entry. Addthis Related Articles U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities U-080: Linux Kernel XFS Heap Overflow May Let Remote Users...

170

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic...  

Energy Savers [EERE]

hijack a user's session, and potentially compromise an application using the library. A remote user with the ability to conduct a man-in-the-middle attack can decrypt...

171

T-708:Pidgin Bugs Let Remote Users Deny Service and Potentially...  

Broader source: Energy.gov (indexed) [DOE]

A remote user can send specially crafted HTTP 100 responses to trigger a memory access error in the MSN protocol plugin and cause the target user's client to crash....

172

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

5: Firefly Media Server Null Pointer Dereference Lets Remote 5: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am Addthis PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry. Addthis

173

U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code April 4, 2012 - 7:15am Addthis PROBLEM: A vulnerability was reported in HP-UX PLATFORM: Version(s): 11.11, 11.23; running DCE ABSTRACT: A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service. Reference LINKS: Vendor Advisory Security Tracker ID 1026885 CVE-2012-0131 IMPACT ASSESSMENT: High Discussion: A potential security vulnerability has been identified in HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

174

V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and  

Broader source: Energy.gov (indexed) [DOE]

3: HP LoadRunner Multiple Bugs Let Remote Users Deny Service 3: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code July 26, 2013 - 3:31am Addthis PROBLEM: A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. PLATFORM: HP LoadRunner prior to 11.52 ABSTRACT: Multiple vulnerabilities were reported in HP LoadRunner. REFERENCE LINKS: Security Tracker Alert ID: 1028833 CVE-2013-2368 CVE-2013-2369 CVE-2013-2370 CVE-2013-4797 CVE-2013-4798 CVE-2013-4799 CVE-2013-4800 CVE-2013-4801 IMPACT ASSESSMENT: Medium DISCUSSION: Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code

175

U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

5: WebCalendar Access Control and File Inclusion Bugs Let 5: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code April 25, 2012 - 7:00am Addthis PROBLEM: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code PLATFORM: 1.2.4 and prior versions ABSTRACT: Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system. reference links: SecurityTracker Alert ID: 1026966 CVE-2012-1495 CVE-2012-1496 IMPACT ASSESSMENT: Medium Discussion: A remote user can access '/install/index.php' to potentially modify '/includes/settings/' with arbitrary values or PHP code. A remote

176

U-095: HP Data Protector Media Operations Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

5: HP Data Protector Media Operations Lets Remote Users Execute 5: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code U-095: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code February 3, 2012 - 1:33am Addthis PROBLEM: HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code PLATFORM: Windows (2003, XP, 2008), HP Data Protector Media Operations version 6.11 and earlier ABSTRACT: Remote execution of arbitrary code reference LINKS: SecurityTracker Alert ID: 1026626 HP Support Center Document ID: c03179046 CVE-2011-4791 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in HP Data Protector Media Operations. A remote user can execute arbitrary code on the target system. Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. Impact:

177

U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary 208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code July 10, 2012 - 7:00am Addthis PROBLEM: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code PLATFORM: HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows prior to v11.03.12. ABSTRACT: Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system reference LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027225 CVE-2012-2019 CVE-2012-2020 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities have been identified with HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code.

178

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

T-538: HP OpenView Storage Data Protector Bug Lets Remote Users T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code January 20, 2011 - 6:39am Addthis PROBLEM: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code. PLATFORM: HP OpenView Storage Data Protector v6.11 ABSTRACT: A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system. reference LINKS: HP Security Bulletin SecurityTracker Alert ID: 1024983 CVE-2011-0273 IMPACT ASSESSMENT: High Discussion: A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code.

179

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Broader source: Energy.gov (indexed) [DOE]

42: HP Onboard Administrator Bugs Let Remote Users Gain Access, 42: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am Addthis PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. reference LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Onboard Administrator. A remote

180

U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

7: HP Performance Manager Unspecified Bug Lets Remote Users 7: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes U-137: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes March 30, 2012 - 9:15am Addthis PROBLEM: HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Codes PLATFORM: HP-UX B.11.31 HP-UX B.11.23 ABSTRACT: A remote user can execute arbitrary code on the target system. REFERENCE LINKS: HP Support Document ID: c03255321 SecurityTracker Alert ID: 1026869 CVE-2012-0127 IMPACT ASSESSMENT: High Discussion: A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain  

Broader source: Energy.gov (indexed) [DOE]

2: HP Onboard Administrator Bugs Let Remote Users Gain Access, 2: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks April 6, 2012 - 7:00am Addthis PROBLEM: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks PLATFORM: HP Onboard Administrator (OA) up to and including v3.32 ABSTRACT: A remote user can obtain potentially sensitive information. reference LINKS: HP Support Document ID: c03263573 SecurityTracker Alert ID: 1026889 CVE-2012-0128, CVE-2012-0129, CVE-2012-0130 IMPACT ASSESSMENT: High Discussion: Several vulnerabilities were reported in HP Onboard Administrator. A remote

182

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

5: Firefly Media Server Null Pointer Dereference Lets Remote 5: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am Addthis PROBLEM: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service PLATFORM: Version(s): 1.0.0.1359 and prior ABSTRACT: A vulnerability was reported in Firefly Media Server REFERENCE LINKS: SecurityTracker Alert ID: 1027917 HTB Advisory ID: HTB23129 CVE-2012-5875 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to trigger a null pointer dereference and cause the target service to crash. IMPACT: A remote user can cause denial of service conditions. SOLUTION: No solution was available at the time of this entry. Addthis

183

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

650: Microsoft Word Unspecified Flaw Lets Remote Users Execute 650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code June 20, 2011 - 3:35pm Addthis PROBLEM: A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Office XP; possibly other versions ABSTRACT: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code. reference LINKS: Secunia Advisory: SA44923 SecurityTracker Alert ID: 1025675 Bugtraq ID: 48261 TSL ID: TSL20110614-02 PRL: 2011-07 IMPACT ASSESSMENT: High Discussion: A code execution vulnerability has been reported in Microsoft Office Word. The vulnerability is due to memory corruption when parsing a specially crafted Word file.

184

V-037: Wireshark Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

7: Wireshark Multiple Bugs Let Remote Users Deny Service 7: Wireshark Multiple Bugs Let Remote Users Deny Service V-037: Wireshark Multiple Bugs Let Remote Users Deny Service November 30, 2012 - 3:30am Addthis PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: Version(s): prior to 1.6.12, 1.8.4 ABSTRACT: Several vulnerabilities were reported in Wireshark. REFERENCE LINKS: Wireshark Security Advisories Secunia Advisory SA51422 Seclists SecurityTracker Alert ID: 1027822 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 IMPACT ASSESSMENT: Medium DISCUSSION: Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions. A user can obtain potentially sensitive information.

185

V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

1: Apple Safari Bugs Let Remote Users Execute Arbitrary Code 1: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks June 5, 2013 - 1:05am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks PLATFORM: Apple Safari prior to 6.0.5 ABSTRACT: Several vulnerabilities were reported in Apple Safari. REFERENCE LINKS: Apple Article: HT5785 SecurityTracker Alert ID: 1028627 CVE-2013-0926 CVE-2013-1009 CVE-2013-1012 CVE-2013-1013 CVE-2013-1023 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary

186

T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the  

Broader source: Energy.gov (indexed) [DOE]

48: Avaya IP Office Manager TFTP Server Lets Remote Users 48: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory June 16, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Avaya IP Office Manager. A remote user can view files on the target system. PLATFORM: Versions 5.0.x - 6.1.x ABSTRACT: The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software. reference LINKS: ASA-2011-156 SecurityTracker Alert ID: 1025664 Secunia Advisory: SA43884 Avaya Support IMPACT ASSESSMENT: Medium Discussion: Avaya IP Office Manager is an application for viewing and editing an IP Office system's configuration. It can be used to securely connect to and

187

T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

4: Apple QuickTime Buffer Overflows Let Remote Users Execute 4: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code T-684: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code August 4, 2011 - 3:33pm Addthis PROBLEM: Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: Apple Quick Time prior to 7.7 ABSTRACT: Apple QuickTime Buffer Overflows Let Remote Users Execute Arbitrary Code. reference LINKS: Apple security updates SecurityTracker Alert ID: 1025884 Mac OS X: Updating your software Support Downloads QuickTime 7.7 IMPACT ASSESSMENT: High Discussion: A specially crafted PICT file can trigger a buffer overflow [CVE-2011-0245]. Mac OS X version 10.7 is not affected. A specially crafted GIF image can trigger a heap overflow [CVE-2011-0246].

188

V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

2: Cisco Video Surveillance Manager Bugs Let Remote Users 2: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information July 25, 2013 - 2:52am Addthis PROBLEM: A remote user can obtain potentially sensitive information and modify some configuration settings. A remote user can exploit this to create, modify, and remove camera feeds, archives, logs, and users. PLATFORM: Cisco Video Surveillance Manager 7.1, 7.5 ABSTRACT: Two vulnerabilities were reported in Cisco Video Surveillance Manager REFERENCE LINKS: Security Tracker Alert ID: 1028827 CVE-2013-3429 CVE-2013-3430 CVE-2013-3431 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is due to an access control error that occurred. The

189

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

2: Microsoft Internet Explorer Flaw Lets Remote Users Execute 2: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 - 6:00am Addthis PROBLEM: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 6, 7, 8, 9 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. reference LINKS: Bugtraq ID: 55562 Security Database KB2757760 Microsoft Security Advisory (2757760) SecurityTracker Alert ID: 1027538 IMPACT ASSESSMENT: High Discussion: A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the

190

V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code 5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am Addthis PROBLEM: Oracle Java Flaws Let Remote Users Execute Arbitrary Code PLATFORM: JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier ABSTRACT: Several vulnerabilities were reported in Oracle Java. REFERENCE LINKS: Updated Release of the February 2013 Oracle Java SE Critical Patch Update SecurityTracker Alert ID: 1028155 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary

191

U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

9:Apache Struts ParameterInterceptor() Flaw Lets Remote Users 9:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands January 26, 2012 - 6:45am Addthis PROBLEM: Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code on the target system. reference LINKS: CVE-2011-3923 SecurityTracker Alert ID: 1026575 Apache Struts 2 Documentation S2-009 blog.o0o.nu IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache Struts. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the ParametersInterceptor, thus being able to inject

192

T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

5: Cisco AnyConnect Secure Mobility Client Lets Remote Users 5: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges June 2, 2011 - 4:38pm Addthis PROBLEM: The Cisco AnyConnect Secure Mobility Client is the Cisco next-generation VPN client, which provides remote users with secure IPsec (IKEv2) or SSL Virtual Private Network (VPN) connections to Cisco 5500 Series Adaptive Security Appliances (ASA) and devices that are running Cisco IOS Software. PLATFORM: Cisco AnyConnect Secure Mobility Client Platform & Affected Versions ABSTRACT: Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a

193

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

9: Microsoft Internet Explorer Object Access Bug Lets Remote 9: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code May 6, 2013 - 12:07am Addthis PROBLEM: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code PLATFORM: Internet Explorer 8 ABSTRACT: A vulnerability was reported in Microsoft Internet Explorer. REFERENCE LINKS: SecurityTracker Alert ID: 1028514 Microsoft Security Advisory (2847140) CVE-2013-1347 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create specially crafted HTML that, when loaded by the target user, will access and object that has been deleted or not properly allocated and execute arbitrary code on the target system. The code will run with the privileges of the target user.

194

V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

6: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users 6: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges January 10, 2013 - 2:00am Addthis PROBLEM: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges PLATFORM: *Adobe Reader XI (11.0.0) for Windows and Macintosh *Adobe Reader X (10.1.4) and earlier 10.x versions for Windows and Macintosh *Adobe Reader 9.5.2 and earlier 9.x versions for Windows and Macintosh *Adobe Reader 9.5.1 and earlier 9.x versions for Linux *Adobe Acrobat XI (11.0.0) for Windows and Macintosh *Adobe Acrobat X (10.1.4) and earlier 10.x versions for Windows and

195

V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

66: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users 66: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges January 10, 2013 - 2:00am Addthis PROBLEM: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges PLATFORM: *Adobe Reader XI (11.0.0) for Windows and Macintosh *Adobe Reader X (10.1.4) and earlier 10.x versions for Windows and Macintosh *Adobe Reader 9.5.2 and earlier 9.x versions for Windows and Macintosh *Adobe Reader 9.5.1 and earlier 9.x versions for Linux *Adobe Acrobat XI (11.0.0) for Windows and Macintosh *Adobe Acrobat X (10.1.4) and earlier 10.x versions for Windows and

196

V-195: RSA Authentication Manager Lets Local Users View the Administra...  

Broader source: Energy.gov (indexed) [DOE]

can view the administrative account password SOLUTION: The vendor has issued a fix (Patch 26 (P26) for RSA Authentication Manager 7.1 Service Pack 4 (SP4) and Appliance 3.0...

197

U-176: Wireshark Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

U-176: Wireshark Multiple Bugs Let Remote Users Deny Service U-176: Wireshark Multiple Bugs Let Remote Users Deny Service U-176: Wireshark Multiple Bugs Let Remote Users Deny Service May 24, 2012 - 7:00am Addthis PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7 ABSTRACT: Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions. Reference Links: SecurityTracker Alert ID: 1027094 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 IMPACT ASSESSMENT: Medium Discussion: A remote user can send specially crafted ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 data to cause Wireshark to hang or enter an infinite loop. A remote user can cause the DIAMETER dissector to crash. A remote user can trigger a memory error on SPARC or Itanium processors and

198

U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

7: Linux Kernel NFSv4 ACL Attribute Processing Error Lets 7: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code November 16, 2011 - 7:43am Addthis PROBLEM: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Kernel version 2.6.x ABSTRACT: A remote server can cause the target connected client to crash. reference LINKS: The Linux Kernel Archives CVE-2011-4131 SecurityTracker Alert ID: 1026324 Linux Kernel [PATCH 1/1] NFSv4 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in the Linux Kernel. A remote user can cause denial of service conditions. Impact: A remote server can return specially crafted data to the connected target

199

U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

9: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users 9: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code March 7, 2012 - 7:00am Addthis PROBLEM: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code PLATFORM: BlackBerry 6, BlackBerry 7, BlackBerry 7.1, and BlackBerry PlayBook tablet software ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026769 BlackBerry Security Notice Article ID: KB30152 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Blackberry PlayBook. A remote user can cause arbitrary code to be executed on the target user's system. A remote

200

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote 4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am Addthis PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. reference LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of  

Broader source: Energy.gov (indexed) [DOE]

91: cURL Lets Remote Users Decrypt SSL/TLS Traffic 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions. The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows

202

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

8: HP Service Manager Unspecified Flaw Lets Remote Users Gain 8: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am Addthis PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

203

V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain  

Broader source: Energy.gov (indexed) [DOE]

8: HP Service Manager Unspecified Flaw Lets Remote Users Gain 8: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access August 15, 2013 - 1:30am Addthis PROBLEM: A potential security vulnerability has been identified with HP Service Manager. The vulnerability could be exploited to allow remote unauthenticated access and elevation of privilege. PLATFORM: HP Service Manager v9.31, v9.30, v9.21, v7.11, v6.2.8 ABSTRACT: The vulnerabilities are reported in versions 9.31 and prior. REFERENCE LINKS: SecurityTracker Alert ID: 1028912 CVE-2013-4808 IMPACT ASSESSMENT: High DISCUSSION: A vulnerability was reported in HP Service Manager. A remote user can gain unauthorized access on the target system. IMPACT: User access via network

204

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially  

Broader source: Energy.gov (indexed) [DOE]

53: Linux kexec Bugs Let Local and Remote Users Obtain 53: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am Addthis PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) ABSTRACT: Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information. reference LINKS: Red Hat Security Advisory: RHSA-2011:1532-3 SecurityTracker Alert ID: 1026375 IMPACT ASSESSMENT: Medium Discussion: Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH

205

U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

9: Cisco Firewall Services Module Bugs Let Remote Users Execute 9: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am Addthis PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall Services Module. reference LINKS: Cisco Advisory ID: cisco-sa-20121010-fwsm SecurityTracker Alert ID: 1027640 CVE-2012-4661 CVE-2012-4662 CVE-2012-4663 IMPACT ASSESSMENT: High Discussion: A remote user can send specially crafted DCERPC data through the target device to trigger a stack overflow in the DCERPC inspection engine and execute arbitrary code on the target device or cause the target device to

206

U-203: HP Photosmart Bug Lets Remote Users Deny Service | Department of  

Broader source: Energy.gov (indexed) [DOE]

03: HP Photosmart Bug Lets Remote Users Deny Service 03: HP Photosmart Bug Lets Remote Users Deny Service U-203: HP Photosmart Bug Lets Remote Users Deny Service July 2, 2012 - 8:00am Addthis PROBLEM: HP Photosmart Bug Lets Remote Users Deny Service PLATFORM: HP Photosmart Wireless e-All-in-One Printer series - B110 HP Photosmart e-All-in-One Printer series - D110 HP Photosmart Plus e-All-in-One Printer series - B210 HP Photosmart eStation All-in-One Printer series - C510 HP Photosmart Ink Advantage e-All-in-One Printer series - K510 HP Photosmart Premium Fax e-All-in-One Printer series - C410 ABSTRACT: A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions. Reference LINKS: The Vendor's Advisory SecurityTracker Alert ID: 1027213 CVE-2012-2017 IMPACT ASSESSMENT: High Discussion:

207

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take  

Broader source: Energy.gov (indexed) [DOE]

10: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote 10: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions October 25, 2012 - 6:00am Addthis PROBLEM: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions PLATFORM: 3COM, and H3C Routers & Switches Specific products and model numbers is provided in the vendor's advisory. ABSTRACT: A vulnerability was reported in 3Com, HP, and H3C Switches. REFERENCE LINKS: HP Support document ID: c03515685 SecurityTracker Alert ID: 1027694 CVE-2012-3268 IMPACT ASSESSMENT: High DISCUSSION: A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the

208

U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote 4: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code December 19, 2011 - 9:15am Addthis PROBLEM: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code. PLATFORM: Adobe Acrobat Reader Version(s): 10.1.1 and prior versions ABSTRACT: A vulnerability was reported in Adobe Acrobat/Reader, this vulnerability is being actively exploited against Windows-based systems. reference LINKS: SecurityTracker Alert ID: 1026432 APSB11-30 CVE-2011-4369 JC3-CIRC Tech Bulletin U-054 APSA11-04 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC

209

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

19: Symantec Web Gateway Input Validation Flaws Lets Remote 19: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

210

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

2: EMC NetWorker Module for Microsoft Applications Lets Remote 2: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am Addthis PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

211

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject  

Broader source: Energy.gov (indexed) [DOE]

19: Symantec Web Gateway Input Validation Flaws Lets Remote 19: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords U-219: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords July 24, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords PLATFORM: Symantec Web Gateway 5.0.x.x ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. REFERENCE LINKS: Security Advisories Relating to Symantec Products SecurityTracker Alert ID: 1027289 Bugtraq ID: 54424 Bugtraq ID: 54425 Bugtraq ID: 54426 Bugtraq ID: 54427 Bugtraq ID: 54429 Bugtraq ID: 54430

212

V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

2: EMC NetWorker Module for Microsoft Applications Lets Remote 2: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords V-002: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords October 15, 2012 - 6:00am Addthis PROBLEM: EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords PLATFORM: EMC NetWorker Module for Microsoft Applications 2.2.1, 2.3 prior to build 122, 2.4 prior to build 375 ABSTRACT: EMC NetWorker Module for Microsoft Applications Two Vulnerabilities REFERENCE LINKS: EMC Identifier: ESA-2012-025 Secunia Advisory SA50957 SecurityTracker Alert ID: 1027647 CVE-2012-2284 CVE-2012-2290 IMPACT ASSESSMENT: Medium DISCUSSION:

213

U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof  

Broader source: Energy.gov (indexed) [DOE]

5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and 5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs May 9, 2012 - 7:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs PLATFORM: prior to 5.1.1; iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 ABSTRACT: Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL. reference LINKS: SecurityTracker Alert ID: 1027028 CVE-2012-0672 CVE-2012-0674 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted file that, when loaded by the

214

U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof  

Broader source: Energy.gov (indexed) [DOE]

5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and 5: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs May 9, 2012 - 7:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs PLATFORM: prior to 5.1.1; iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 ABSTRACT: Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL. reference LINKS: SecurityTracker Alert ID: 1027028 CVE-2012-0672 CVE-2012-0674 IMPACT ASSESSMENT: Medium Discussion: A remote user can create a specially crafted file that, when loaded by the

215

U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code  

Broader source: Energy.gov [DOE]

A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

216

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

57: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny 57: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability. reference LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048 IMPACT ASSESSMENT: Medium Discussion: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

217

U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny 7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis PROBLEM: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service PLATFORM: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX ABSTRACT: Adobe ColdFusion is prone to a remote denial-of-service vulnerability. reference LINKS: Adobe Security bulletins and advisories Adobe Vulnerability identifier: APSB12-21 SecurityTracker Alert ID: 1027516 Bugtraq ID: 55499 CVE-2012-2048 IMPACT ASSESSMENT: Medium Discussion: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which

218

U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

6: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny 6: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service February 6, 2012 - 7:00am Addthis PROBLEM: Vulnerability in AIX TCP stack PLATFORM: Version(s): 5.3, 6.1, 7.1 ABSTRACT: A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system. reference LINKS: SecurityTracker Alert ID: 1026640 IBM Security Advisory CVE-2012-0194 IMPACT ASSESSMENT: Medium Discussion: AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially-crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic.

219

U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

0: Google Android DNS Resolver Randomization Flaw Lets Remote 0: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache U-220: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache July 25, 2012 - 7:00am Addthis PROBLEM: Google Android DNS Resolver Randomization Flaw Lets Remote Users Poison the DNS Cache PLATFORM: Version(s): 4.0.4 and prior versions ABSTRACT: A remote user can poison the DNS cache. reference LINKS: IBM Application Security Research Group SecurityTracker Alert ID: 1027291 Bugtraq ID: 523624 CVE-2012-2808 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Google Android. The res_randomid() function, which bases a return value on the process ID and the current time, is called twice in quick succession. As a result, the effective

220

T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

9:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users 9:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service September 16, 2011 - 11:30am Addthis PROBLEM: Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service PLATFORM: Apache version(s) prior to 2.2.21 ABSTRACT: A remote user can cause the backend server to remain in an error state until the retry timeout expires. reference LINKS: SecurityTracker Alert ID: 1026054 Apache Releases CVE-2011-3348 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache mod_proxy_ajp. A remote user can cause denial of service conditions. When mod_proxy_ajp is used together with mod_proxy_balancer, a remote user can send specially crafted HTTP requests to place the backend server in an error state until the retry

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site 0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information April 23, 2013 - 12:26am Addthis PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information PLATFORM: Apache ActiveMQ versions prior to 5.8.0 ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ. REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060 IMPACT ASSESSMENT: High DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

222

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting  

Broader source: Energy.gov (indexed) [DOE]

0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site 0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information April 23, 2013 - 12:26am Addthis PROBLEM: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information PLATFORM: Apache ActiveMQ versions prior to 5.8.0 ABSTRACT: Several vulnerabilities were reported in Apache ActiveMQ. REFERENCE LINKS: Apache ActiveMQ SecurityTracker Alert ID: 1028457 CVE-2012-6092 CVE-2012-6551 CVE-2013-3060 IMPACT ASSESSMENT: High DISCUSSION: Several web demos do not properly filter HTML code from user-supplied input

223

V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE LINKS: RealPlayer Security Vulnerabilities Secunia Advisory SA51589 SecurityTracker Alert ID: 1027893 CVE-2012-5690 CVE-2012-5691 IMPACT ASSESSMENT: Medium DISCUSSION: Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. A remote user can create a specially crafted RealAudio file that, when

224

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

3: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote 3: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges August 13, 2012 - 7:00am Addthis PROBLEM: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 ABSTRACT: A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system. Reference LINKS: Oracle Security Alert Oracle Security Alert - CVE-2012-3132 Risk Matrices SecurityTracker Alert ID: 1027367 CVE-2012-3132 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Oracle Database. This vulnerability is not

225

T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption  

Broader source: Energy.gov (indexed) [DOE]

7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack

226

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct  

Broader source: Energy.gov (indexed) [DOE]

21: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, 21: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information March 9, 2012 - 7:00am Addthis PROBLEM: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Apple iOS Version(s): prior to 5.1 ABSTRACT: Multiple vulnerabilities were reported in Apple iOS. reference LINKS: SecurityTracker Alert ID: 1026774 Apple Security Updates About the security content of iOS 5.1 Software Update CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644,

227

T-723:Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information,  

Broader source: Energy.gov (indexed) [DOE]

3:Adobe Flash Player Multiple Bugs Let Remote Users Obtain 3:Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code T-723:Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code September 22, 2011 - 8:00am Addthis PROBLEM: Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code. PLATFORM: Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris. Adobe Flash Player 10.3.186.6 and earlier versions for Android. ABSTRACT: An attacker can exploit this issue by enticing an unsuspecting victim into visiting a malicious website. reference LINKS: Adobe Security Bulletin

228

T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption  

Broader source: Energy.gov (indexed) [DOE]

7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack

229

V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

5: Cisco ASA Multiple Bugs Let Remote Users Deny Service 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software will vary depending on the specific vulnerability. ABSTRACT: Several vulnerabilities were reported in Cisco ASA. REFERENCE LINKS: Cisco Security Advisory Secunia Advisory SA52989 SecurityTracker Alert ID: 1028415 CVE-2013-1149 CVE-2013-1150 CVE-2013-1151 CVE-2013-1152

230

V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

5: Adobe Flash Player Buffer Overflow Lets Remote Users Execute 5: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code V-065: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code January 9, 2013 - 12:10am Addthis PROBLEM: Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.5.502.135 and earlier versions for Windows Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh Adobe Flash Player 11.2.202.258 and earlier versions for Linux Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. ABSTRACT: Security updates available for Adobe Flash Player REFERENCE LINKS: Adobe Security Bulletin APSB13-01 SecurityTracker Alert ID: 1027950

231

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

46: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 46: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code December 13, 2012 - 3:30am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): 11.5.502.110 and prior for Windows/Mac; 11.2.202.251 and prior for Linux ABSTRACT: Several vulnerabilities were reported in Adobe Flash Player. REFERENCE LINKS: Adobe Vulnerability identifier: APSB12-27 SecurityTracker Alert ID: 1027854 Secunia Advisory SA51560 RHSA-2012:1569-1 CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 IMPACT ASSESSMENT: High DISCUSSION: A buffer overflow can trigger code execution [CVE-2012-5676]. An integer overflow can trigger code execution [CVE-2012-5677]. A memory corruption flaw can trigger code execution [CVE-2012-5678].

232

V-091: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code |  

Broader source: Energy.gov (indexed) [DOE]

1: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary 1: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code V-091: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code February 14, 2013 - 12:22am Addthis PROBLEM: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh ABSTRACT: Adobe has identified critical vulnerabilities in Adobe Reader and Acrobat REFERENCE LINKS: Adobe Reader and Acrobat Vulnerability Report

233

V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users 6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June 12, 2013 - 12:15am Addthis PROBLEM: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Flash Player 11.7.700.202 and earlier versions for Windows Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh Adobe Flash Player 11.2.202.285 and earlier versions for Linux Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh Adobe AIR 3.7.0.1860 and earlier versions for Android

234

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Broader source: Energy.gov (indexed) [DOE]

2: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, 2: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information July 27, 2012 - 7:00am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Version(s):Apple Safari prior to 6.0 ABSTRACT: Multiple vulnerabilities were reported in Apple Safari. reference LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307 IMPACT ASSESSMENT:

235

T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the  

Broader source: Energy.gov (indexed) [DOE]

7: PHP File Upload Bug May Let Remote Users Overwrite Files on 7: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System June 15, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in PHP. A remote user may be able to overwrite files on the target system. PLATFORM: PHP prior to 5.3.7 ABSTRACT: PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected. reference LINKS: PHP Security Notice PHP CVE-2011-2202 SecurityTracker Alert ID: 1025659 Secunia Advisory: SA44874 CVE-2011-2202 IMPACT ASSESSMENT: High Discussion: The vulnerability lies in the 'SAPI_POST_HANDLER_FUNC()' function in

236

T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

664: Apache Santuario Buffer Overflow Lets Remote Users Deny 664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service July 8, 2011 - 12:32pm Addthis PROBLEM: A vulnerability was reported in Apache Santuario. A remote user can cause denial of service conditions. PLATFORM: Prior to 1.6.1 - Apache Santuario XML Security for C++ library versions prior to V1.6.1 ABSTRACT: A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker. reference LINKS: SecurityTracker Alert ID: 1025755 Bugzilla: 719698: CVE-2011-2516 xml-security-c The Apache Software Foundation - CVE-2011-2516

237

U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the  

Broader source: Energy.gov (indexed) [DOE]

2: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, 2: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information July 27, 2012 - 7:00am Addthis PROBLEM: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information PLATFORM: Version(s):Apple Safari prior to 6.0 ABSTRACT: Multiple vulnerabilities were reported in Apple Safari. reference LINKS: The Vendor's Advisory Bugtraq ID: 54683 SecurityTracker Alert ID: 1027307 IMPACT ASSESSMENT:

238

U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and  

Broader source: Energy.gov (indexed) [DOE]

41: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary 41: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information August 22, 2012 - 7:00am Addthis PROBLEM: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information PLATFORM: Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions Adobe AIR 3.3.0.3650 and earlier versions for Android ABSTRACT:

239

V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

20: Apple QuickTime Multiple Flaws Let Remote Users Execute 20: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am Addthis PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista and XP. ABSTRACT: Multiple vulnerabilities were reported in Apple QuickTime. REFERENCE LINKS: Apple Security Article: HT5581 SecurityTracker Alert ID: 1027737 Bugtraq ID: 56438 Secunia Advisory SA51226 CVE-2011-1374 CVE-2012-3751 CVE-2012-3752 CVE-2012-3753 CVE-2012-3754 CVE-2012-3755 CVE-2012-3756 CVE-2012-3757 CVE-2012-3758 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can

240

T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability. Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP connection exhaustion condition (no new TCP connections are accepted) that can be triggered through the receipt of specific TCP segments during the

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

T-699: EMC AutoStart Buffer Overflows Let Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

EMC AutoStart Technical Info EMC Support Addthis Related Articles U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code T-639:...

242

U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

Impact: A remote user can access internal servers. Solution: The vendor has issued a patch for version 2.2.21 Apache 2.2.21 (released 2011-09-13) Addthis Related Articles U-046:...

243

V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site...  

Broader source: Energy.gov (indexed) [DOE]

U-255: Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting...

244

V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

system. SOLUTION: The vendor has issued a fix(11.52) Addthis Related Articles V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-171: Apple Safari Bugs Let...

245

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

60: Wireshark Multiple Bugs Let Remote Users Deny Service 60: Wireshark Multiple Bugs Let Remote Users Deny Service V-160: Wireshark Multiple Bugs Let Remote Users Deny Service May 21, 2013 - 12:09am Addthis PROBLEM: Wireshark Multiple Bugs Let Remote Users Deny Service PLATFORM: Versions 1.8.0 to 1.8.6 ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark Docid: wnpa-sec-2013-23 Secunia Advisory SA53425 SecurityTracker Alert ID: 1028582 CVE-2013-2486 CVE-2013-2487 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the RELOAD dissector (dissectors/packet-reload.c) can be exploited to trigger infinite loops and consume CPU resources via specially

246

T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request  

Broader source: Energy.gov (indexed) [DOE]

68: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site 68: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code T-568: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code March 2, 2011 - 3:05pm Addthis PROBLEM: Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Execute Arbitrary Code. PLATFORM: Firefox, Thunderbird, SeaMonkey ABSTRACT: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and Mozilla presume that with enough effort at least some of these could be exploited to run arbitrary code. reference LINKS:

247

U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic 259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: RSA BSAFE SSL-C prior to 2.8.6 ABSTRACT: RSA BSAFE SSL-C Multiple Vulnerabilities reference LINKS: Secunia Advisory SA50601 SecurityTracker Alert ID: 1027514 SecurityTracker Alert ID: 1027513 CVE-2011-3389 CVE-2012-2110 CVE-2012-2131 IMPACT ASSESSMENT: High Discussion: EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can

248

U-167: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny  

Broader source: Energy.gov (indexed) [DOE]

7: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users 7: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service U-167: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service May 11, 2012 - 7:00am Addthis PROBLEM: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service PLATFORM: Prior to versions 0.9.8x, 1.0.0j, 1.0.1c ABSTRACT: A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions. reference LINKS: SecurityTracker Alert ID: 1027057 CVE-2012-2333 OpenSSL Advisory IMPACT ASSESSMENT: High Discussion: A remote user can send specially crafted TLS/DTLS records to cause denial of service conditions. The CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS are affected, both clients and servers are affected. DTLS is affected in all versions of OpenSSL. TLS is affected in OpenSSL

249

T-636: Wireshark Multiple Flaws Let Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

T-636: Wireshark Multiple Flaws Let Remote Users Deny Service T-636: Wireshark Multiple Flaws Let Remote Users Deny Service T-636: Wireshark Multiple Flaws Let Remote Users Deny Service June 3, 2011 - 3:35pm Addthis PROBLEM: Wireshark Multiple Flaws Let Remote Users Deny Service PLATFORM: Wireshark Version(s): 1.2.0 to 1.2.16, 1.4.0 to 1.4.6 ABSTRACT: Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions. reference LINKS: wnpa-sec-2011-07 SecurityTracker Alert ID: 1025597 wnpa-sec-2011-08 IMPACT ASSESSMENT: High Discussion: A remote user can send specially crafted DICOM data, Visual Networks file, compressed capture data, snoop file, or Diameter dictionary file to cause the target service to crash or enter an infinite loop. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

250

U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

11: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service 11: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service February 27, 2012 - 6:27am Addthis PROBLEM: A vulnerability was reported in IBM AIX. A remote user can cause denial of service conditions. PLATFORM: version(s): 5.3, 6.1, and 7.1 ABSTRACT: A remote user can send a specially crafted ICMP packet to cause the target service to crash. reference LINKS: Vendor Advisory Security Tracker ID 1026742 CVE-2011-1385 IMPACT ASSESSMENT: Medium Discussion: There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service. Impact: Denial of service on AIX via network. Solution: The vendor has issued a fix. 5.3.12: APAR IV03369 6.1.5: APAR IV13672 6.1.6: APAR IV13554

251

U-074: Microsoft .NET Bugs Let Remote Users Execute Arbitrary...  

Broader source: Energy.gov (indexed) [DOE]

user can redirect users to arbitrary sites. Solution: The vendor has issued a fix. A patch matrix is available in the vendor's advisory. Microsoft Security Bulletin MS11-100...

252

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws  

Broader source: Energy.gov (indexed) [DOE]

4: RSA Adaptive Authentication (On-Premise) Input Validation 4: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks November 27, 2012 - 2:00am Addthis PROBLEM: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks PLATFORM: RSA Adaptive Authentication (On-Premise) 6.x ABSTRACT: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). REFERENCE LINKS: SecurityTracker Alert ID: 1027811 SecurityFocus Security Alert RSA Customer Support CVE-2012-4611 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). A remote user can conduct cross-site scripting attacks. The software does not

253

U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users |  

Broader source: Energy.gov (indexed) [DOE]

35: HP WBEM Discloses Diagnostic Data to Remote and Local Users 35: HP WBEM Discloses Diagnostic Data to Remote and Local Users U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users March 28, 2012 - 7:00am Addthis PROBLEM: HP WBEM Discloses Diagnostic Data to Remote and Local Users PLATFORM: HP-UX 11.11, 11.23, and 11.31 ABSTRACT: Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data. REFERENCE LINKS: SecurityTracker Alert ID: 1026849 CVE-2012-0125 CVE-2012-0126 iIMPACT ASSESSMENT Medium Discussion: A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain

254

U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users |  

Broader source: Energy.gov (indexed) [DOE]

5: HP WBEM Discloses Diagnostic Data to Remote and Local Users 5: HP WBEM Discloses Diagnostic Data to Remote and Local Users U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users March 28, 2012 - 7:00am Addthis PROBLEM: HP WBEM Discloses Diagnostic Data to Remote and Local Users PLATFORM: HP-UX 11.11, 11.23, and 11.31 ABSTRACT: Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data. REFERENCE LINKS: SecurityTracker Alert ID: 1026849 CVE-2012-0125 CVE-2012-0126 iIMPACT ASSESSMENT Medium Discussion: A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain

255

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

6: HP Performance Insight Bugs with Sybase Database Let Remote 6: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System November 5, 2012 - 6:00am Addthis PROBLEM: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System PLATFORM: HP Performance Insight v5.31, v5.40 and v5.41 running on HP-UX, Solaris, Linux, and Windows and using Sybase as the database ABSTRACT: Two vulnerabilities were reported in HP Performance Insight. REFERENCE LINKS: HP Support Document ID: c03555488 SecurityTracker Alert ID: 1027719 CVE-2012-3269 CVE-2012-3270 IMPACT ASSESSMENT: High DISCUSSION:

256

V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

5: Cisco Mobility Services Engine Configuration Error Lets 5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am Addthis PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer (SSL). REFERENCE LINKS: SecurityTracker Alert ID: 1028972 CVE-2013-3469 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this vulnerability by connecting to an

257

Weakness of two ID-based remote mutual authentication with key agreement protocols for mobile devices  

E-Print Network [OSTI]

to achieve explicit key confirmation. We also point out Wu's scheme decreases efficiency by using the double by the traditional public-key cryptography (Rivest et al., 1978; ElGama, l985). The computation ability and battery the number of users is increased, KAC needs a large storage space to store users' public keys

258

CAH and Shared Services Transition Plan CAH will move seven servers that provide daily operational services such as user authentication and access, central file  

E-Print Network [OSTI]

CAH and Shared Services Transition Plan CAH will move seven servers that provide daily operational the university's NET domain. Domains provide user authentication, access, and management to resources divide the transition plan, and each phase has goals and a deadline. The overall goal is to continue

Wu, Shin-Tson

259

T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

9: BlackBerry Device Software Bug in WebKit Lets Remote Users 9: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code T-579: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code March 15, 2011 - 5:05pm Addthis PROBLEM: A vulnerability was reported in BlackBerry Device Software. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: BlackBerry Device Software version 6.0 and later. ABSTRACT: BlackBerry Device Software Bug in WebKit Lets Remote Users Execute Code. reference LINKS: BlackBerry Advisory: KB26132 CVE-2011-1290 BlackBerry Security Note BlackBerry Device Storage IMPACT ASSESSMENT: Moderate Discussion: A vulnerability exists in the open source WebKit browser engine provided in BlackBerry Device Software version 6.0 and later. The issue could result in

260

U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the  

Broader source: Energy.gov (indexed) [DOE]

5: RSA Access Manager Session Replay Flaw Lets Remote Users 5: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System July 5, 2012 - 7:02am Addthis PROBLEM: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System PLATFORM: Version(s): Server version 6.0.x, 6.1, 6.1 SP1, 6.1 SP2, 6.1 SP3; all Agent versions ABSTRACT: A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system. reference LINKS: SecurityFocus ESA-2012-026 SecurityTracker Alert ID: 1027220 CVE-2012-2281 RSA SecurCare Online MPACT ASSESSMENT: Medium Discussion: RSA Access Manager contains a vulnerability that can be potentially exploited by a malicious user to replay the session with compromised session tokens. This is due to improper invalidation of session tokens

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the  

Broader source: Energy.gov (indexed) [DOE]

205: RSA Access Manager Session Replay Flaw Lets Remote Users 205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System July 5, 2012 - 7:02am Addthis PROBLEM: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System PLATFORM: Version(s): Server version 6.0.x, 6.1, 6.1 SP1, 6.1 SP2, 6.1 SP3; all Agent versions ABSTRACT: A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system. reference LINKS: SecurityFocus ESA-2012-026 SecurityTracker Alert ID: 1027220 CVE-2012-2281 RSA SecurCare Online MPACT ASSESSMENT: Medium Discussion: RSA Access Manager contains a vulnerability that can be potentially exploited by a malicious user to replay the session with compromised session tokens. This is due to improper invalidation of session tokens

262

T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

8:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute 8:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code September 15, 2011 - 8:45am Addthis PROBLEM: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code. PLATFORM: Adobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh Adobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX Adobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh Adobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh Adobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh Adobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh ABSTRACT: A remote user can create a file that, when loaded by the target user, will

263

U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote...  

Energy Savers [EERE]

11.2.0.2 and 11.2.0.3 are not affected on systems that have the July 2012 Critical Patch Update. Impact: A remote authenticated user with 'Create Table' privileges can gain...

264

T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service | Department  

Broader source: Energy.gov (indexed) [DOE]

7: BIND RPZ Processing Flaw Lets Remote Users Deny Service 7: BIND RPZ Processing Flaw Lets Remote Users Deny Service T-617: BIND RPZ Processing Flaw Lets Remote Users Deny Service May 6, 2011 - 7:00am Addthis PROBLEM: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: ISC BIND version 9.8.0. ABSTRACT: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash. REFERENCE LINKS: ISC Advisory: CVE-2011-1907 Secunia Advisory: SA44416 Vulnerability Report: ISC BIND CVE-2011-1907 SecurityTracker Alert ID: 1025503 IMPACT ASSESSMENT: High Discussion: This advisory only affects BIND users who are using the RPZ feature configured for RRset replacement. BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a

265

Multi-factor authentication  

DOE Patents [OSTI]

Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

Hamlet, Jason R; Pierson, Lyndon G

2014-10-21T23:59:59.000Z

266

U-260: ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

0: ISC BIND RDATA Processing Flaw Lets Remote Users Deny 0: ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service U-260: ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service September 14, 2012 - 6:00am Addthis PROBLEM: ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service PLATFORM: Version(s): 9.0.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7-P2, 9.7.0->9.7.6-P2, 9.8.0->9.8.3-P2, 9.9.0->9.9.1-P2 ABSTRACT: A vulnerability was reported in ISC BIND. reference LINKS: The vendor's advisory SecurityTracker Alert ID: 1027529 Bugtraq ID: 55522 Red Hat Bugzilla - Bug 856754 CVE-2012-4244 IMPACT ASSESSMENT: High Discussion: A remote user can send a query for a record that has RDATA in excess of 65535 bytes to cause named to exit. This can be exploited against recursive servers by causing the server to query for records provided by an

267

U-085: OpenSSL DTLS Bug Lets Remote Users Deny Service | Department of  

Broader source: Energy.gov (indexed) [DOE]

5: OpenSSL DTLS Bug Lets Remote Users Deny Service 5: OpenSSL DTLS Bug Lets Remote Users Deny Service U-085: OpenSSL DTLS Bug Lets Remote Users Deny Service January 20, 2012 - 9:15am Addthis PROBLEM: OpenSSL DTLS Bug Lets Remote Users Deny Service PLATFORM: Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected. ABSTRACT: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. REFERNCE LINKS: CVE-2012-0050 SecurityTracker Alert ID: 1026548 OpenSSL Security Advisory [18 Jan 2011] OpenSSL News IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in OpenSSL. The fix to correct the Datagram Transport Layer Security (DTLS) vulnerability referenced by CVE-2011-4108 introduced a flaw. A remote user can send specially crafted data to cause denial of service conditions on the target system.

268

U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users  

Broader source: Energy.gov (indexed) [DOE]

7: IBM Rational AppScan Import/Load Function Flaws Let Remote 7: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code October 10, 2011 - 9:15am Addthis PROBLEM: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code. PLATFORM: Version(s): 7.8, 7.8.0.1, 7.8.0.2, 7.9, 7.9.0.1, 7.9.0.2, 7.9.0.3, 8.0, 8.0.0.1, 8.0.0.2 ABSTRACT: Two vulnerabilities were reported in IBM Rational AppScan. A remote user can cause arbitrary code to be executed on the target user's system. reference LINKS: IBM Security Advisory Document ID: 1515110 IBM Fix Pack Document ID: 4030774 SecurityTracker Alert ID: 1026154 IMPACT ASSESSMENT: High Discussion: A high risk security vulnerability in the "Import functionality" of IBM

269

V-035: Google Chrome Multiple Flaws Let Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

of the target user. An out-of-bounds read may occur in Skia CVE-2012-5130. A memory corruption error may occur in the Apple OSX driver for Intel GPUs CVE-2012-5131. A...

270

V-029: Mozilla Firefox Multiple Bugs Let Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

that, when loaded by the target user, will trigger a buffer overflow, use-after-free memory error, or memory corruption error and execute arbitrary code on the target system. The...

271

U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run...

272

Instructions for using HSPD-12 Authenticated Outlook Web Access...  

Energy Savers [EERE]

Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

273

T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service |  

Broader source: Energy.gov (indexed) [DOE]

2: ISC BIND Packet Processing Flaw Lets Remote Users Deny 2: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service July 6, 2011 - 7:47am Addthis PROBLEM: A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions. PLATFORM: 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1 ABSTRACT: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured

274

T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

3: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets 3: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service May 31, 2011 - 3:35pm Addthis PROBLEM: A vulnerability was reported in BIND. A remote user can cause denial of service conditions. PLATFORM: BIND Version(s): 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, 9.8.0 and later; prior to 9.4-ESV-R4-P1, 9.6-ESV-R4-P1, 9.7.3-P1, 9.8.0-P2 ABSTRACT: A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash. reference LINKS: SecurityTracker Alert ID: 1025575 SecurityTracker Alert ID: 1025572

275

V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data |  

Broader source: Energy.gov (indexed) [DOE]

V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data August 3, 2013 - 2:37am Addthis PROBLEM: A vulnerability was reported in HP Printers. A remote user can obtain potentially sensitive information. PLATFORM: HP LaserJet Pro products ABSTRACT: A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data. REFERENCE LINKS: SecurityTracker Alert ID 1028869 CVE-2013-4807 Vendor URL IMPACT ASSESSMENT: Medium DISCUSSION: The following models are affected: HP LaserJet Pro P1102w CE657A/CE658A HP LaserJet Pro P1606dn CE749A HP LaserJet Pro M1212nf MFP CE841A HP LaserJet Pro M1213nf MFP CE845A

276

V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

4: Apple QuickTime Multiple Flaws Let Remote Users Execute 4: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code May 27, 2013 - 12:23am Addthis PROBLEM: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Apple QuickTime prior to 7.7.4. ABSTRACT: Apple QuickTime Multiple Vulnerabilities REFERENCE LINKS: Apple Article: HT5770 SecurityTracker Alert ID: 1028589 Secunia Advisory SA53520 CVE-2013-0986, CVE-2013-0987, CVE-2013-0988 CVE-2013-0989, CVE-2013-1015, CVE-2013-1016 CVE-2013-1017, CVE-2013-1018, CVE-2013-1019 CVE-2013-1020, CVE-2013-1021, CVE-2013-1022 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

277

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication...  

Broader source: Energy.gov (indexed) [DOE]

property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database...

278

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...  

Broader source: Energy.gov (indexed) [DOE]

7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT:...

279

T-690: Check Point Endpoint Security On-Demand Client Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

0: Check Point Endpoint Security On-Demand Client Lets Remote 0: Check Point Endpoint Security On-Demand Client Lets Remote Users Execute Arbitrary Code T-690: Check Point Endpoint Security On-Demand Client Lets Remote Users Execute Arbitrary Code August 10, 2011 - 8:45am Addthis PROBLEM: Due to quality issues within the software, an attacker is able to access insecure methods from the "trustworthy" Java applet or ActiveX control and exploit those features to compromise all client systems that trust the correctly signed Java applet or ActiveX control (e.g. all users that need to use this software for accessing internal systems over company VPN). PLATFORM: Multiple products:- R65.70 - R70.40 - R71.30 - R75 - Connectra R66.1 - Connectra R66.1n - VSX R65.20 - VSX R67 ABSTRACT: Check Point Endpoint Security On-Demand Client Lets Remote Users Execute

280

V-029: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary  

Broader source: Energy.gov (indexed) [DOE]

29: Mozilla Firefox Multiple Bugs Let Remote Users Execute 29: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-029: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks November 21, 2012 - 2:00am Addthis PROBLEM: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks PLATFORM: Version(s): prior to 17.0 ABSTRACT: Multiple vulnerabilities were reported in Mozilla Firefox REFERENCE LINKS: Mozilla Foundation Security Advisories Bugtraq ID: 55260 SecurityTracker Alert ID: 1027791 CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4207,CVE-2012-4208, CVE-2012-4209, CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216,

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

V-144: HP Printers Let Remote Users Access Files on the Printer |  

Broader source: Energy.gov (indexed) [DOE]

4: HP Printers Let Remote Users Access Files on the Printer 4: HP Printers Let Remote Users Access Files on the Printer V-144: HP Printers Let Remote Users Access Files on the Printer April 29, 2013 - 12:27am Addthis PROBLEM: HP Printers Let Remote Users Access Files on the Printer PLATFORM: HP Color LaserJet 3000 Q7534A HP Color LaserJet 3800 Q5981A HP Color LaserJet 4700 Q7492A HP Color LaserJet 4730 Multifunction Printer CB480A HP Color LaserJet 4730 Multifunction Printer CB480A HP Color LaserJet 5550 Q3714A HP Color LaserJet 9500 Multifunction Printer C8549A HP Color LaserJet CM6030 Multifunction Printer CE664A HP Color LaserJet CM6040 Multifunction Printer Q3939A HP Color LaserJet CP3505 CB442A HP Color LaserJet CP3525 CC469A HP Color LaserJet CP4005 CB503A HP Color LaserJet CP6015 Q3932A HP Color LaserJet Enterprise CP4025 CC490A

282

V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote 65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server May 28, 2013 - 12:46am Addthis PROBLEM: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server PLATFORM: Cisco WebEx for iOS 4.1, Other versions may also be affected. ABSTRACT: A vulnerability was reported in Cisco WebEx for iOS. REFERENCE LINKS: Cisco SecurityTracker Alert ID: 1028592 Secunia Advisory SA51412 CVE-2012-6399 IMPACT ASSESSMENT: Medium DISCUSSION: A security issue in Cisco WebEx for iOS can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server

283

U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute  

Broader source: Energy.gov (indexed) [DOE]

1: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users 1: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code January 13, 2012 - 9:15am Addthis PROBLEM: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code PLATFORM: McAfee ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026513 Zero Day Initiative ZDI-12-012 McAfee Threat Intelligence IMPACT ASSESSMENT: High Discussion: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a

284

U-029: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote Users  

Broader source: Energy.gov (indexed) [DOE]

29: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote 29: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote Users Gain Unauthorized Access U-029: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote Users Gain Unauthorized Access November 8, 2011 - 8:00am Addthis PROBLEM: TCP/IP Services for OpenVMS POP/IMAP Service Bug Lets Remote Users Gain Unauthorized Access. PLATFORM: HP TCP/IP Services for OpenVMS v5.6 and v5.7 on iTanium and ALPHA Servers. ABSTRACT: A remote user can gain unauthorized access reference LINKS: HP Support document ID: c01908983 SecurityTracker Alert ID: 1026279 CVE-2011-3168 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in TCP/IP Services for OpenVMS. A remote user can gain unauthorized access. On systems running POP or IMAP servers, a remote user can gain unauthorized access.

285

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications  

E-Print Network [OSTI]

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the ap- propriate credentials. Access control attacks occur when

Sabatini, David M.

286

U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

5: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users 5: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code September 21, 2012 - 6:00am Addthis PROBLEM: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code PLATFORM: HP SiteScope v11.10, v11.11, v11.12 for Windows, Linux and Solaris ABSTRACT: A vulnerability was reported in HP SiteScope. reference LINKS: HP Security Bulletin Document ID: c03489683 SecurityTracker Alert ID: 1027547 CVE-2012-3259 CVE-2012-3260 CVE-2012-3261 CVE-2012-3262 CVE-2012-3263 CVE-2012-3264 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP SiteScope. A remote user can execute

287

U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain  

Broader source: Energy.gov (indexed) [DOE]

5: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users 5: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code September 21, 2012 - 6:00am Addthis PROBLEM: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code PLATFORM: HP SiteScope v11.10, v11.11, v11.12 for Windows, Linux and Solaris ABSTRACT: A vulnerability was reported in HP SiteScope. reference LINKS: HP Security Bulletin Document ID: c03489683 SecurityTracker Alert ID: 1027547 CVE-2012-3259 CVE-2012-3260 CVE-2012-3261 CVE-2012-3262 CVE-2012-3263 CVE-2012-3264 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in HP SiteScope. A remote user can execute

288

Obfuscated authentication systems, devices, and methods  

DOE Patents [OSTI]

Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

Armstrong, Robert C; Hutchinson, Robert L

2013-10-22T23:59:59.000Z

289

A generic mechanism for efficient authentication in B3G networks  

Science Journals Connector (OSTI)

A user in Beyond 3rd Generation (B3G) networks in order to get access to the network services must perform a multi-pass authentication procedure, which includes two or three sequential authentications steps. These multiple authentication steps include ... Keywords: Authentication performance, B3G networks, B3G security, Multi-pass authentication, Security binding

Christoforos Ntantogian, Christos Xenakis, Ioannis Stavrakakis

2010-06-01T23:59:59.000Z

290

The effectiveness of an indirect control message in decreasing the depreciative behavior of remote camping location users  

E-Print Network [OSTI]

of human waste on ground surface. According to Cole and Dalle-Molle (1982) the most significant problems include: 1) proliferation of fire sites, 2) the creation of elaborate fire rings, 3) litter, and 4) chopped trees and downed logs. These impacts... when the users first arrived at the site, and an impact data sheet, on which the impacts (e. g. , litter) left behind were quantified (e. g. , weighed). A total of 119 observations were completed. Results showed that the remote camping location users...

Barget, Robert George

2012-06-07T23:59:59.000Z

291

U-201: HP System Management Homepage Bugs Let Remote Users Deny Service  

Broader source: Energy.gov [DOE]

The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

292

PAAS: A Privacy-Preserving Attribute-based Authentication System for eHealth Networks  

E-Print Network [OSTI]

PAAS: A Privacy-Preserving Attribute-based Authentication System for eHealth Networks Linke Guo PAAS which leverages users' verifiable attributes to authenticate users in eHealth systems while

Latchman, Haniph A.

293

Remote administration and user experience evaluation of the iLab Heat Transfer Project site  

E-Print Network [OSTI]

The iLab Heat Transfer Project provides a means for students to remotely execute, via a web interface, experiments related to the topic of heat transfer. The website associated with this project provides instructors with ...

Graham, Rodney K

2006-01-01T23:59:59.000Z

294

V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users...  

Broader source: Energy.gov (indexed) [DOE]

and compromise a user's system. 1) An unspecified error can be exploited to corrupt memory. 2) Some unspecified errors can be exploited to corrupt memory. 3) Another unspecified...

295

Ch.3 User Authentication Textbook?  

E-Print Network [OSTI]

· account lockout mechanisms · policies against using common passwords but rather hard to guess passwords

Dong, Yingfei

296

U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially...  

Energy Savers [EERE]

and enhancement update U-068:Linux Kernel SGIO ioctl Bug Lets Local Users Gain Elevated Privileges T-712: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update...

297

U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

code via network, User access via network Solution: The vendor has issued a fix. The patch is available at HP support Center Addthis Related Articles U-137: HP Performance...

298

U-095: HP Data Protector Media Operations Lets Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

of arbitrary code via network, User access via network Solution: Hp has provided a patch (SMO A.06.20.01) to resolve this vulnerability. Addthis Related Articles T-538: HP...

299

U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...  

Broader source: Energy.gov (indexed) [DOE]

create specially crafted content that, when loaded by the target user, will trigger a memory corruption error CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166 or...

300

V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...  

Broader source: Energy.gov (indexed) [DOE]

can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2013-1009,...

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

302

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

303

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Broader source: Energy.gov (indexed) [DOE]

6: HP StorageWorks File Migration Agent Buffer Overflows Let 6: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am Addthis PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. reference LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High Discussion: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. 1. (ZDI-12-127) The specific flaw exists within the HsmCfgSvc.exe service

304

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote  

Broader source: Energy.gov (indexed) [DOE]

U-216: HP StorageWorks File Migration Agent Buffer Overflows Let U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code July 19, 2012 - 7:14am Addthis PROBLEM: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code PLATFORM: HP StorageWorks File Migration Agent ABSTRACT: Two vulnerabilities were reported in HP StorageWorks File Migration Agent. reference LINKS: SecurityTracker Alert ID: 1027281 ZDI-12-127 ZDI-12-126 IMPACT ASSESSMENT: High Discussion: The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability.

305

Two-Factor Authentication  

Broader source: Energy.gov [DOE]

Two-Factor Authentication (2FA) is a system wherein two different methods are used to authenticate an individual. 2FA is based on something you know (a secret PIN) and something you have (an...

306

V-174: RSA Authentication Manager Writes Operating System, SNMP...  

Broader source: Energy.gov (indexed) [DOE]

SNMP, and HTTP plug-in proxy passwords. SOLUTION: The vendor has issued a fix (8.0 Patch 1 (P1)). Addthis Related Articles V-195: RSA Authentication Manager Lets Local Users...

307

Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy  

DOE Patents [OSTI]

A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced value is not a codeword, the nearest codeword to it is found, and the bits that were corrected to produce the codeword to it is found, and the bits that were corrected to produce the codeword are also toggled in the biometric measurement taken and the codeword generated during enrollment. The correction scheme can be implemented by any conventional error correction code such as Reed-Muller code R(m,n). In the implementation using a hand geometry device an R(2,5) code has been used in this invention. Such codeword and biometric measurement can then be used to see if the individual is an authorized user. Conventional Diffie-Hellman public key encryption schemes and hashing procedures can then be used to secure the communications lines carrying the biometric information and to secure the database of authorized users.

Strait, Robert S. (Oakland, CA); Pearson, Peter K. (Livermore, CA); Sengupta, Sailes K. (Livermore, CA)

2000-01-01T23:59:59.000Z

308

Authentication ofAuthentication ofAuthentication ofAuthentication of Degree Certificates Application Form Name in Full  

E-Print Network [OSTI]

Authentication ofAuthentication ofAuthentication ofAuthentication of Degree Certificates Application Form Name in Full Name in Full as Registered at King's Date of Birth Student ID number (IE degree certificate copies for authentication to: PLEASE REMEMBER TO INCLUDE COPIES OF YOUR CERTIFICATE(S

Applebaum, David

309

T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote...  

Broader source: Energy.gov (indexed) [DOE]

Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary Code T-541: Citrix Provisioning Services Unspecified Flaw Let's Remote Users Execute Arbitrary...

310

V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

311

2011 Raj JainCSE571SWashington University in St. Louis Authentication, Authorization,Authentication, Authorization,  

E-Print Network [OSTI]

23-1 ©2011 Raj JainCSE571SWashington University in St. Louis Authentication, Authorization://www.cse.wustl.edu/~jain/cse571-11/ #12;23-2 ©2011 Raj JainCSE571SWashington University in St. Louis OverviewOverview RADIUS 802.1X #12;23-3 ©2011 Raj JainCSE571SWashington University in St. Louis RADIUSRADIUS Remote

Jain, Raj

312

Authentication of quantum messages.  

SciTech Connect (OSTI)

Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

Barnum, Howard; Crpeau, Jean-Claude; Gottesman, D. (Daniel); Smith, A. (Adam); Tapp, Alan

2001-01-01T23:59:59.000Z

313

U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame  

Broader source: Energy.gov (indexed) [DOE]

2: RSA Authentication Manager Flaws Permit Cross-Site and 2: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks July 13, 2012 - 7:00am Addthis PROBLEM: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks PLATFORM: RSA Authentication Manager 7.1 is vulnerable; other versions may also be affected. ABSTRACT: RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

314

PAKE-based mutual HTTP authentication for preventing phishing attacks  

E-Print Network [OSTI]

This paper describes a new password-based mutual authentication protocol for Web systems which prevents various kinds of phishing attacks. This protocol provides a protection of user's passwords against any phishers even if dictionary attack is employed, and prevents phishers from imitating a false sense of successful authentication to users. The protocol is designed considering interoperability with many recent Web applications which requires many features which current HTTP authentication does not provide. The protocol is proposed as an Internet Draft submitted to IETF, and implemented in both server side (as an Apache extension) and client side (as a Mozilla-based browser and an IE-based one). The paper also proposes a new user-interface for this protocol which is always distinguishable from fake dialogs provided by phishers.

Oiwa, Yutaka; Takagi, Hiromitsu

2009-01-01T23:59:59.000Z

315

A Novel Trigon based Dual Authentication Protocol for Enhancing Security in Grid Environment  

E-Print Network [OSTI]

In recent times, a necessity has been raised in order to distribute computing applications often across grids. These applications are dependent on the services like data transfer or data portal services as well as submission of jobs. Security is of utmost importance in grid computing applications as grid resources are heterogeneous, dynamic, and multidomain. Authentication remains as the significant security challenge in grid environment. In traditional authentication protocol a single server stores the sensitive user credentials, like username and password. When such a server is compromised, a large number of user passwords, will be exposed. Our proposed approach uses a dual authentication protocol in order to improve the authentication service in grid environment. The protocol utilizes the fundamental concepts of trigon and based on the parameters of the trigon the user authentication will be performed. In the proposed protocol, the password is interpreted and alienated into more than one unit and these uni...

Ruckmani, V

2010-01-01T23:59:59.000Z

316

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , Jinsong Han2  

E-Print Network [OSTI]

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems Li Lu1 , Jinsong Han2 an emerging requirement ­ protecting user privacy [13] in RFID authentications. In most RFID systems, tags sensitive information. For example, without pri- vacy protection, any reader can identify a consumer's ID

Liu, Yunhao

317

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , Jinsong Han2  

E-Print Network [OSTI]

- sitive information. For example, without privacy pro- tection, any reader can identify a consumer's IDDynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems Li Lu1 , Jinsong Han2 an emerging requirement ­ protecting user privacy [13] in RFID authentications. In most RFID systems, tags

Liu, Yunhao

318

QKD Quantum Channel Authentication  

E-Print Network [OSTI]

Several simple yet secure protocols to authenticate the quantum channel of various QKD schemes, by coupling the photon sender's knowledge of a shared secret and the QBER Bob observes, are presented. It is shown that Alice can encrypt certain portions of the information needed for the QKD protocols, using a sequence whose security is based on computational-complexity, without compromising all of the sequence's entropy. It is then shown that after a Man-in-the-Middle attack on the quantum and classical channels, there is still enough entropy left in the sequence for Bob to detect the presence of Eve by monitoring the QBER. Finally, it is shown that the principles presented can be implemented to authenticate the quantum channel associated with any type of QKD scheme, and they can also be used for Alice to authenticate Bob.

J. T. Kosloski

2006-04-02T23:59:59.000Z

319

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Broader source: Energy.gov (indexed) [DOE]

6: EMC Smarts Network Configuration Manager Database 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: EMC Identifier: ESA-2012-057 Secunia Advisory SA51408 SecurityTracker Alert ID: 1027812 CVE-2012-4614 CVE-2012-4615 IMPACT ASSESSMENT: Medium DISCUSSION: The systems uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

320

Key recycling in authentication  

E-Print Network [OSTI]

In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a composable security framework. It turns out that the above argument is insufficient: if the adversary learns whether a corrupted message was accepted or rejected, information about the hash function is leaked, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small: Wegman and Carter's protocol is still $\\epsilon$-secure, if $\\epsilon$-almost strongly universal$_2$ hash functions are used. This implies that the secret key corresponding to the choice of hash function can be reused in the next round of authentication without any additional error than this $\\epsilon$. We also show that if the players have a mild form of synchronization, namely that the receiver knows when a message should be received, the key can be recycled for any arbitrary task, not only new rounds of authentication.

Christopher Portmann

2012-02-06T23:59:59.000Z

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

U-212: RSA Authentication Manager Flaws Permit Cross-Site and...  

Broader source: Energy.gov (indexed) [DOE]

actions on the site acting as the target user. Solution: The vendor has issued a fix (Patch 14 (P14) for RSA Authentication Manager 7.1 SP4 and Appliance 3.0 SP4). Addthis...

322

Nanotechnology-Based Trusted Remote Sensing James B. Wendt and Miodrag Potkonjak  

E-Print Network [OSTI]

Nanotechnology-Based Trusted Remote Sensing James B. Wendt and Miodrag Potkonjak Computer Science nanotechnology PPUF-based architecture for trusted remote sensing. Current public physical unclonable function the authentication process. Our novel nanotechnology- based architecture ensures fast authentication through partial

Potkonjak, Miodrag

323

T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

719:Apache modproxyajp HTTP Processing Error Lets Remote Users Deny Service T-719:Apache modproxyajp HTTP Processing Error Lets Remote Users Deny Service September 16, 2011 -...

324

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP  

Broader source: Energy.gov (indexed) [DOE]

4: RSA Authentication Manager Writes Operating System, SNMP, 4: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files June 10, 2013 - 12:47am Addthis PROBLEM: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files PLATFORM: RSA Authentication Manager 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: RSA SecurityTracker Alert ID: 1028638 CVE-2013-0947 IMPACT ASSESSMENT: Medium DISCUSSION: The system may write operating system, SNMP, and HTTP plug-in proxy passwords in clear text to log and configuration files. IMPACT: A local user can obtain operating system, SNMP, and HTTP plug-in proxy

325

CERTIFICATE OF AUTHENTICITY  

Broader source: Energy.gov (indexed) [DOE]

CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair Michael G. Mueller presiding. ATTENDEES: MIKE MUELLER, Arneren Energy Fuels & Services Company, Chair RICH EIMER, Dynegy Inc., Vice-Chair ROBERT BECK, National Coal Council, Executive Vice-President SY ALI, Clean Energy Consulting BARB ALTIZER, Eastern Coal Council

326

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

94: IBM solidDB Password Hash Authentication Bypass 94: IBM solidDB Password Hash Authentication Bypass Vulnerability T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am Addthis PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium Discussion: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

327

Remote monitoring using technologies from the Internet and World Wide Web  

SciTech Connect (OSTI)

Recent developments in Internet technologies are changing and enhancing how one processes and exchanges information. These developments include software and hardware in support of multimedia applications on the World Wide Web. In this paper the authors describe these technologies as they have applied them to remote monitoring and show how they will allow the International Atomic Energy Agency to efficiently review and analyze remote monitoring data for verification of material movements. The authors have developed demonstration software that illustrates several safeguards data systems using the resources of the Internet and Web to access and review data. This Web demo allows the user to directly observe sensor data, to analyze simulated safeguards data, and to view simulated on-line inventory data. Future activities include addressing the technical and security issues associated with using the Web to interface with existing and planned monitoring systems at nuclear facilities. Some of these issues are authentication, encryption, transmission of large quantities of data, and data compression.

Puckett, J.M.; Burczyk, L.

1997-11-01T23:59:59.000Z

328

U-219: Symantec Web Gateway Input Validation Flaws Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

9: Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords U-219: Symantec Web Gateway Input...

329

V-149: Microsoft Internet Explorer Object Access Bug Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code...

330

T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of  

Broader source: Energy.gov (indexed) [DOE]

70: HP Security Bulletin - HP-UX Running OpenSSL, Remote 70: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass March 4, 2011 - 3:05pm Addthis PROBLEM: Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), authentication bypass. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08q. ABSTRACT: A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. reference LINKS: Net-Security Advisory: HPSBUX02638

331

T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of  

Broader source: Energy.gov (indexed) [DOE]

0: HP Security Bulletin - HP-UX Running OpenSSL, Remote 0: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass March 4, 2011 - 3:05pm Addthis PROBLEM: Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), authentication bypass. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08q. ABSTRACT: A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. reference LINKS: Net-Security Advisory: HPSBUX02638

332

Hardware Acceleration of the SRP Authentication Protocol Peter Groen1,2  

E-Print Network [OSTI]

Hardware Acceleration of the SRP Authentication Protocol Peter Groen1,2 , Panu H¨am¨al¨ainen2 , Ben employed is the Secure Remote Password (SRP) authenti- cation protocol [15]. It makes extensive use of hash that can be called from soft- ware routines in the SRP protocol. This paper is structured as follows

Kuzmanov, Georgi

333

Secure Anonymous RFID Authentication Protocols Christy Chatmon  

E-Print Network [OSTI]

and scalable. Keywords: RFID, Authentication, Anonymity, Privacy, Availability, Scalability. 1 Introduction technology is to automatically identify objects that are contained in electromagnetic fields. RFID tags doSecure Anonymous RFID Authentication Protocols Christy Chatmon Computer & Information Sciences

Burmester, Mike

334

Remote switch actuator  

DOE Patents [OSTI]

The invention provides a device and method for actuating electrical switches remotely. The device is removably attached to the switch and is actuated through the transfer of a user's force. The user is able to remain physically removed from the switch site obviating need for protective equipment. The device and method allow rapid, safe actuation of high-voltage or high-current carrying electrical switches or circuit breakers.

Haas, Edwin Gerard; Beauman, Ronald; Palo, Jr., Stefan

2013-01-29T23:59:59.000Z

335

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Broader source: Energy.gov (indexed) [DOE]

6: MediaWiki CentralAuth Extension Authentication Bypass 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWik REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

336

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

The vendor has issued a fix for some affected products. Addthis Related Articles U-240: Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive...

337

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments  

E-Print Network [OSTI]

damage if the session or their password is compromised. 1. INTRODUCTION In today's Internet. Current authentication mechanisms such as one-time passwords [4] (such as RSA SecurID [3]) and privileged-time passwords limit the damage caused by stolen passwords, but allow full-scale damage in a hijacked session

Smith, Sean W.

338

U-192 VMware Workstation/Player VM Remote Device Bug Lets Local or Remote  

Broader source: Energy.gov (indexed) [DOE]

VMware Workstation/Player VM Remote Device Bug Lets Local or VMware Workstation/Player VM Remote Device Bug Lets Local or Remote Users Deny Service U-192 VMware Workstation/Player VM Remote Device Bug Lets Local or Remote Users Deny Service June 15, 2012 - 7:00am Addthis PROBLEM: A vulnerability was reported in VMware Workstation/Player. PLATFORM: Version(s): Workstation 8.x, Player 4.x ABSTRACT: A local or remote user can cause denial of service conditions on the target virtual system. reference LINKS: Vendor Advisory Security Tracker ID 1027173 CVE-2012-3289 IMPACT ASSESSMENT: High Discussion: A user with the ability to modify communications data between a remote virtual device (e.g., CD-ROM, keyboard) located on a physically separate system and the target virtual machine can cause the target virtual machine to crash. Impact:

339

U-192: VMware Workstation/Player VM Remote Device Bug Lets Local or Remote  

Broader source: Energy.gov (indexed) [DOE]

92: VMware Workstation/Player VM Remote Device Bug Lets Local or 92: VMware Workstation/Player VM Remote Device Bug Lets Local or Remote Users Deny Service U-192: VMware Workstation/Player VM Remote Device Bug Lets Local or Remote Users Deny Service June 15, 2012 - 7:00am Addthis PROBLEM: A vulnerability was reported in VMware Workstation/Player. PLATFORM: Version(s): Workstation 8.x, Player 4.x aBSTRACT: A local or remote user can cause denial of service conditions on the target virtual system. reference LINKS: Vendor Advisory Security Tracker ID 1027173 CVE-2012-3289 IMPACT ASSESSMENT: High Discussion: A user with the ability to modify communications data between a remote virtual device (e.g., CD-ROM, keyboard) located on a physically separate system and the target virtual machine can cause the target virtual machine to crash.

340

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...  

Broader source: Energy.gov (indexed) [DOE]

9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

V-036: EMC Smarts Network Configuration Manager Database Authenticatio...  

Energy Savers [EERE]

Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative...

342

Biometric authentication system using reduced joint feature vector of iris and face  

Science Journals Connector (OSTI)

In this paper, we present the biometric authentication system based on the fusion of two user-friendly biometric modalities: Iris and Face. Using one biometric feature can lead to good results, but there is no reliable way to verify the classification. ...

Byungjun Son; Yillbyung Lee

2005-07-01T23:59:59.000Z

343

Integration of IEEE 802.21 services and pre-authentication framework  

Science Journals Connector (OSTI)

Providing multi-interface device users the ability to roam between different access networks is becoming a key requirement for service providers. The availability of multiple mobile broadband access technologies together with increasing use of real ... Keywords: IEEE 80221, MIH, MPA, authentication, handover performance, heterogeneous networks, media-independent handover, media-independent pre-, multi-interface devices, seamless mobility, testbed

Miriam Tauil; Ashutosh Dutta; Yuu-Heng Cheng; Subir Das; Donald Baker; Maya Yajnik; David Famolari; Yoshihiro Ohba; Kenichi Taniuchi; Victor Fajardo; Henning Schulzrinne

2010-07-01T23:59:59.000Z

344

T-608: HP Virtual Server Environment Lets Remote Authenticated...  

Broader source: Energy.gov (indexed) [DOE]

running HP software products should be applied in accordance with the customer's patch management policy. Recommended Update: HP Software media set 6.3 HP Insight Software...

345

U-045: Windows Win32k.sys Keyboard Layout Bug Lets Local Users...  

Broader source: Energy.gov (indexed) [DOE]

Restrict access to trusted users only. Addthis Related Articles U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-046:...

346

CERTIFICATE OF AUTHENTICITY | Department of Energy  

Energy Savers [EERE]

D.C. Tran001.pdf CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

347

A DAWP Technique for Audio Authentication  

Science Journals Connector (OSTI)

Digital audio content protection is part of information security for audio authentication and audio integrity evaluation. Watermarking is widely used in copyright protection. However, watermark requires a thir...

Tung-Shou Chen; Jeanne Chen; Jiun-Lin Tang; Keshou Wu

2011-01-01T23:59:59.000Z

348

Prospective Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Prospective Users Prospective Users Prospective Users Print The Advanced Light Source (ALS) welcomes researchers from universities, government labs, and industry who are interested in performing experiments at the general sciences and structural biology beamlines open to users. An overview of user opportunities, and the procedures to become a user, are outlined below: What is an ALS User? Research Facilities Available to Users Costs to Users Users from Industry User Policy How to Become an ALS User What is an ALS User? The ALS is a third generation synchrotron light source, providing over 35 beamlines, where samples may be illuminated with x-ray, ultraviolet or infrared light to explore the structure and electronic properties of materials. The ALS operates as a national user facility, and is open to researchers worldwide to submit proposals for research.

349

V-055: Firefly Media Server Null Pointer Dereference Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service December 26, 2012 - 9:00am Addthis PROBLEM: Firefly Media Server Null Pointer Dereference...

350

Verifying authentication protocols with CSP Steve Schneider  

E-Print Network [OSTI]

Verifying authentication protocols with CSP Steve Schneider Department of Computer Science Royal of Communicating Sequential Processes (CSP). It is il- lustrated by an examination of the Needham-Schroeder public of authentication protocols, built on top of the gen- eral CSP semantic framework. This approach aims to combine

Doran, Simon J.

351

Prospective Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Prospective Users Print Prospective Users Print The Advanced Light Source (ALS) welcomes researchers from universities, government labs, and industry who are interested in performing experiments at the general sciences and structural biology beamlines open to users. An overview of user opportunities, and the procedures to become a user, are outlined below: What is an ALS User? Research Facilities Available to Users Costs to Users Users from Industry User Policy How to Become an ALS User What is an ALS User? The ALS is a third generation synchrotron light source, providing over 35 beamlines, where samples may be illuminated with x-ray, ultraviolet or infrared light to explore the structure and electronic properties of materials. The ALS operates as a national user facility, and is open to researchers worldwide to submit proposals for research.

352

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Contacts for Users Contacts for Users User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m.

353

T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated  

Broader source: Energy.gov (indexed) [DOE]

3: Red Hat Directory Server Bugs Let Local Users Gain Elevated 3: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service February 23, 2011 - 7:00am Addthis PROBLEM: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service. PLATFORM: Red Hat Directory Server v8 EL4, Red Hat Directory Server v8 EL5 ABSTRACT: Several vulnerabilities were reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions. A remote user can send multiple simple paged search requests to cause the

354

U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

Lets Remote Users Execute Arbitrary Code January 17, 2012 - 1:00pm Addthis PROBLEM: PHP Null Pointer Dereference in zendstrndup() Lets Local Users Deny Service PLATFORM: PHP...

355

AUTHENTICATED  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

2. AMENDMENT OF AGREEMENT BPA and Port Townsend amend the Agreement as follows: (a) The following Section 2.24 ("Wheel Turning Load") shall be added to the Agreement: "2.24...

356

Deniable Authentication with RSA and Multicasting Daniel R. L. Brown  

E-Print Network [OSTI]

. Related concepts to deniable authentication are plausible deniability and prevention of surreptitious

357

Securing the global, remote, mobile user  

Science Journals Connector (OSTI)

Electronic commerce is inevitable and will reshape our lives, but before true electronic commerce environments can be realized, it will be necessary to secure your enterprise against outside attacks on its electronic information and provide controls ...

Walt Curtis; Lori Sinton

1999-03-01T23:59:59.000Z

358

User-centric identity as a service-architecture for eIDs with selective attribute disclosure  

Science Journals Connector (OSTI)

Unique identification and secure authentication of users are essential processes in numerous security-critical areas such as e-Government, e-Banking, or e-Business. Therefore, many countries (particularly in Europe) have implemented national eID solutions ... Keywords: Austrian eID, authentication, citizen card, cloud computing, identity management, privacy, public cloud, selective attribute disclosure

Daniel Slamanig, Klaus Stranacher, Bernd Zwattendorfer

2014-06-01T23:59:59.000Z

359

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Home Contact Home Contact User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m.

360

T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated...  

Office of Environmental Management (EM)

T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service T-563: Red Hat Directory Server Bugs Let Local Users Gain...

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

V-141: HP ElitePad 900 Secure Boot Bug Lets Local Users Boot...  

Broader source: Energy.gov (indexed) [DOE]

Bug Lets Local Users Deny Service V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

362

E-Print Network 3.0 - archeological gold authentication Sample...  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

't do. Tests and quizzes aren't the gold standard either. - Fixed-choice test questions tend... by authentic use & authentic assessment. 12;Authentic performance...

363

Hardware device binding and mutual authentication  

DOE Patents [OSTI]

Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

Hamlet, Jason R; Pierson, Lyndon G

2014-03-04T23:59:59.000Z

364

Remote maintenance  

SciTech Connect (OSTI)

A general description is given of the study of maintenance design in reactor designs. The Fusion Experimental Reactor and INTOR-J are discussed in terms of simplicity in remote maintenance design, and a figure shows one of the designs of a torus sector configuration for the Fusion Experimental Reactor. An R-tokamak which is under design is a D-T burning device with a Q less than unity. Technical issues are listed and it is suggested that a long-range plan for fusion remote maintenance should be implemented. A multijoint inspection system and a remote maintenance simulation test model of the divertor module are shown.

Kazawa, Y.; Tachikawa, K.; Tone, T.

1983-12-01T23:59:59.000Z

365

Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes  

DOE Patents [OSTI]

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

Kent, Alexander Dale (Los Alamos, NM)

2008-09-02T23:59:59.000Z

366

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Services Print User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

367

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Services Print User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

368

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Services Print User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

369

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Services Print User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

370

EPICS system: system structure and user interface  

SciTech Connect (OSTI)

This paper present the user's view of and the general organization of the EPICS control system at Fermilab. Various subsystems of the EPICS control system are discussed. These include the user command language, software protection, the device database, remote computer interfaces, and several application utilities. This paper is related to two other papers on EPICS: an overview paper and a detailed implementation paper.

West, R.E.; Bartlett, J.F.; Bobbitt, J.S.; Lahey, T.E.; Kramper, B.J.; MacKinnon, B.A.

1984-02-01T23:59:59.000Z

371

User Guide  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Guide Guide User Guide Print 1. Apply for Beam Time Submit a new proposal or a Beam Time Request (BTR) using an existing active proposal. 2. Establish a User Agreement Your institute must have a signed agreement with Berkeley Lab before you may do work at the ALS. 3. Complete Experiment Safety Documentation and Review Safety for Users Safety documentation must be completed and reviewed before your beam time. Experiments involving any biological material or radioactive material require more review steps so please allow several weeks for these. 4. Register with the User Office New and returning users need to register with the User Office TWO weeks before arriving at the ALS. Users arriving out of regular office hours must either have a valid Berkeley Lab ID badge, or have completed registration to be granted access to the ALS.

372

User Obligations  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Obligations User Obligations Summary of what APS expects of users in return for access to the facility. Registration Register with the APS as far in advance of your initial visit as possible (even when you are simply planning an experiment). User Agreement Ensure that a User Agreement is in place between the APS and your home institution. Training Ensure that you complete all required training before conducting hands-on work at the APS. Safety Assessement Complete Experiment Safety Assessment Forms. End of Experiment Form Complete End of Experiment form to provide feedback (required for General Users, optional for others). Published Reports of Work Carried Out at the APS As an APS user, you are required to notify both the APS and your host beamline staff of all work published in the open literature (including

373

T-646: Debian fex authentication bypass | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

6: Debian fex authentication bypass 6: Debian fex authentication bypass T-646: Debian fex authentication bypass June 14, 2011 - 3:45pm Addthis PROBLEM: The vulnerability is caused due to the application not properly verifying the existence of "auth-ID" when uploading files and can be exploited to bypass the authentication mechanism. PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all, can bypass the authentication procedure. reference LINKS: DSA-2259-1 fex Secunia Advisory SA44940 Debian Security Advisory DSA-2259-1 fex-20110610.tar Vulnerability Report: Debian GNU/Linux 6.0

374

A service-oriented architecture for authentication and authorization  

E-Print Network [OSTI]

THESIS A Service-oriented Architecture for AuthenticationSAN DIEGO A Service-oriented Architecture for Authentication2.0, which is a service-oriented architecture that addresses

Hamedtoolloei, Hamidreza

2009-01-01T23:59:59.000Z

375

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Services Print Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

376

User Services  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Services Print Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment Coordination Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users Tel: 510-486-7727 ALS User Office The User Office is located on the mezzanine of Building 6 (the ALS), Room 2212. Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 Fax: 510-486-4773 Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Hours User Office: Monday-Friday 8.00 a.m. - 12.00 p.m. and 1.00 p.m. - 5.00 p.m. New user registration: Monday-Friday 8.00 a.m. - 12.00 p.m. and

377

CLOC: Authenticated Encryption for Short Input Tetsu Iwata1  

E-Print Network [OSTI]

. CLOC uses a variant of CFB mode in its encryption part and a variant of CBC MAC in the authentication

378

Deniable Authentication with RSA and Multicasting Daniel R. L. Brown  

E-Print Network [OSTI]

of surreptitious forwarding. The IETF S/MIME protocol, which can be used to secure email, includes an Authenticated

379

Information to iteration : using information and communication technologies [ICT] in design for remote regions  

E-Print Network [OSTI]

Remote design comes with significant challenges. A major barrier to designing in remote regions is the lack of communication between designers and users. As a result, the lack of information flow leads to assumptions about ...

Griffith, Kenfield A. (Kenfield Allistair)

2012-01-01T23:59:59.000Z

380

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Broader source: Energy.gov (indexed) [DOE]

613: Microsoft Excel Axis Properties Remote Code Execution 613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am Addthis PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

PAP: A Privacy and Authentication Protocol for Passive RFID Tags  

E-Print Network [OSTI]

PAP: A Privacy and Authentication Protocol for Passive RFID Tags Alex X. Liu LeRoy A. Bailey for RFID tags is necessary to ensure the privacy and authentication between each tag and their reader. In order to accomplish this, we propose PAP, a privacy and authentication protocol for passive RFID tags

Liu, Alex X.

382

REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL  

E-Print Network [OSTI]

REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL Christopher Mann and Daniel Loebenberger 15 August 2014 Abstract. We show how to realize two-factor authentication for a Bitcoin wal- let a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification

383

FORENSIC CONNOISSEURSHIP, JACKSON POLLOCK, AND THE AUTHENTIC EYE  

E-Print Network [OSTI]

FORENSIC CONNOISSEURSHIP, JACKSON POLLOCK, AND THE AUTHENTIC EYE by Francis V. O'Connor, Ph shall proceed to some general #12;Forensic Connoisseurship, Pollock, & The Authentic Eye - F. V. O, the training of authentic eyes and forensic connoisseurs -- concluding with a final thought on the historicity

Taylor, Richard

384

Robust video authentication system over internet protocol  

Science Journals Connector (OSTI)

This paper presents a video authentication system over internet protocol that is insusceptible to illumination and expression variations. The illumination and expression invariant features are extracted using multi-band feature extraction. These features are classified by a radial basis function neural network. A new adaptive decision fusion method is proposed to combine the scores from different modalities and the different frames during the authentication process. Three levels of decision fusion are carried out in the proposed adaptive decision fusion. Depending on the level of decision fusion, the level of illumination influence is taken into account during the decision making.

Sue Inn Ch'ng; Kah Phooi Seng; Li-Minn Ang; Fong Tien Ong; Yee Wan Wong

2011-01-01T23:59:59.000Z

385

Industrial Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Industrial Users - Media Publications and Information The Invisible Neutron Threat Neutron-Induced Failures in Semiconductor Devices Nuclear Science Research at the LANSCE-WNR...

386

Industrial Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

on altitude. This large flux allows testing of semiconductor devices at greatly accelerated rates. Industry users are invited to contact Steve Wender, phone:505-667-1344 or...

387

2013 ALS User Meeting Highlights  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

2013 ALS User Meeting Highlights 2013 ALS User Meeting Highlights 2013 ALS User Meeting Highlights Print This year's ALS User Meeting launched with a welcome from Users' Executive Committee Chair Corie Ralston and LBNL Director Paul Alivisatos. ALS Director Roger Falcone followed with a "state of the ALS" presentation that began with a reminder of the ALS mission, which he noted remains true even in the midst of a government shutdown: "Supporting users in doing outstanding science in a safe environment." Falcone gave the 414 meeting attendees an update on the ALS beamlines, which included good news about increased user numbers thanks to the new RAPIDD access system, enhanced robotics, and remote capabilities. Falcone reflected that ALS metrics continue to represent our highly productive users-the number of journal articles and papers per user that come from ALS research have continued to grow in the past year. Looking forward, Falcone touched on how a proposed ALS upgrade to a diffraction-limited light source would increase scientific capabilities.

388

2013 ALS User Meeting Highlights  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

2013 ALS User Meeting Highlights 2013 ALS User Meeting Highlights 2013 ALS User Meeting Highlights Print Thursday, 24 October 2013 09:06 This year's ALS User Meeting launched with a welcome from Users' Executive Committee Chair Corie Ralston and LBNL Director Paul Alivisatos. ALS Director Roger Falcone followed with a "state of the ALS" presentation that began with a reminder of the ALS mission, which he noted remains true even in the midst of a government shutdown: "Supporting users in doing outstanding science in a safe environment." Falcone gave the 414 meeting attendees an update on the ALS beamlines, which included good news about increased user numbers thanks to the new RAPIDD access system, enhanced robotics, and remote capabilities. Falcone reflected that ALS metrics continue to represent our highly productive users-the number of journal articles and papers per user that come from ALS research have continued to grow in the past year. Looking forward, Falcone touched on how a proposed ALS upgrade to a diffraction-limited light source would increase scientific capabilities.

389

V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

8: RealPlayer Buffer Overflow and Memory Corruption Error Let 8: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code August 27, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities were reported in RealPlayer PLATFORM: RealPlayer 16.0.2.32 and prior ABSTRACT: A remote user can cause arbitrary code to be executed on the target user's system REFERENCE LINKS: Security Tracker Alert ID 1028953 RealNetworks Security Bulletin CVE-2013-4973 CVE-2013-4974 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can create a specially crafted RMP file that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. A remote user can create a specially crafted RealMedia file that, when

390

Remote Environmental Monitoring System CRADA  

SciTech Connect (OSTI)

The goal of the project was to develop a wireless communications system, including communications, command, and control software, to remotely monitor the environmental state of a process or facility. Proof of performance would be tested and evaluated with a prototype demonstration in a functioning facility. AR Designs' participation provided access to software resources and products that enable network communications for real-time embedded systems to access remote workstation services such as Graphical User Interface (GUI), file I/O, Events, Video, Audio, etc. in a standardized manner. This industrial partner further provided knowledge and links with applications and current industry practices. FM and T's responsibility was primarily in hardware development in areas such as advanced sensors, wireless radios, communication interfaces, and monitoring and analysis of sensor data. This role included a capability to design, fabricate, and test prototypes and to provide a demonstration environment to test a proposed remote sensing system. A summary of technical accomplishments is given.

Hensley, R.D.

2000-03-30T23:59:59.000Z

391

Remote computing using the National Fusion Grid  

Science Journals Connector (OSTI)

The National Fusion Collaboratory (http://www.fusiongrid.org) uses grid technology to implement remote computing on the National Fusion Grid. The motivations are to reduce the cost of computing resources, shorten the software deployment cycle, and simplify remote computing for the user community. The National Fusion Collaboratory has successfully demonstrated remote access as a grid service to the TRANSP transport analysis code for tokamak experiments. TRANSP development and administration are now centralized at the Princeton Plasma Physics Laboratory (PPPL), obviating both the need to port TRANSP to different platforms and the process of deploying TRANSP to remote sites. TRANSP users now share the resources of a powerful Linux cluster located at PPPL. Fusion researchers have completed over 900 TRANSP runs utilizing over 5600h of CPU time since the TRANSP service was installed in October 2002.

J.R Burruss; S Flanagan; K Keahey; C Ludescher; D.C McCune; Q Peng; L Randerson; D.P Schissel; M Thompson

2004-01-01T23:59:59.000Z

392

Spatial Data Authentication Using Mathematical Visualization  

E-Print Network [OSTI]

Spatial Data Authentication Using Mathematical Visualization Vert, G., Harris, F., Nasser, S. Dept has become an increasingly compromised method to transmit any type of data including spatial data. Due to the criticality of spatial data in decision making processes that range from military targeting to urban planning

Harris Jr., Frederick C.

393

V-166: HP-UX Directory Server Discloses Passwords to Remote Authentica...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Articles U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability T-692:...

394

New User Training: Sep. 10, 2013  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

New User New User Training New User Training: Sep. 10, 2013 September 10, 2013 NERSC will present a four-hour training for new users on Sep. 10, 2013 from 10:00 to 14:00 PDT. This event is targeted to new users of NERSC and will help them navigate the center and its systems. Attemdamce: 104 Location This event will be presented online using WebEx technology and in person at NERSC Oakland Scientific Facility. Please see the remote setup page for connection information. Registration There is no registration for the online event. Visit the remote setup page for connection information. If you wish to attend locally in Oakland, please send email to training@nersc.gov. Local attendees will have the opportunity to take a tour of the NERSC machine room. Agenda Time (PDT) Time (EDT) Topic Presenter

395

User Policy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Policy Print User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs assurance of adequate access to the facility. On the other hand, qualified groups that make a large commitment of time and resources need some assurance of an equitable return on their investment. A national facility should be accessible to all qualified researchers and at the ALS there are three modes of access: as a General User, a member of an Approved Program (AP), or as a member of a Participating Research Team (PRT). All proposals for research to be conducted at the ALS are evaluated based on the criteria endorsed by the International Union of Pure and Applied Physics (IUPAP). These criteria are detailed on the IUPAP Web site at IUPAP Recommendations for the Use of Major Physics Users Facilities (pdf version).

396

NIF Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

have never been created in a laboratory environment and exist naturally only during thermonuclear burn, in supernovae and in the fusion reactions that power our stars. The NIF User...

397

User Community  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Community Community Given the pressures of conducting experiments, it's sometimes hard to find time to connect with new potential colleagues, even though they may be working at the next beamline. There are many opportunities for making informal connections with other users and with APS staff; this page lists only a few of the many communication channels at the APS. Reaching Other Users Coffee Cart A source of morning sustenance and a chance to see who's been working in the hutch next to yours all night. An APS manager makes the rounds with the Coffee Cart each morning. Scientific Interest Groups Self-organizing groups of users and beamline staff interested in advancing synchrotron research in a particular area. User Science Seminars, General Seminars and Conferences

398

User Policy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Policy Policy User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs assurance of adequate access to the facility. On the other hand, qualified groups that make a large commitment of time and resources need some assurance of an equitable return on their investment. A national facility should be accessible to all qualified researchers and at the ALS there are three modes of access: as a General User, a member of an Approved Program (AP), or as a member of a Participating Research Team (PRT). All proposals for research to be conducted at the ALS are evaluated based on the criteria endorsed by the International Union of Pure and Applied Physics (IUPAP). These criteria are detailed on the IUPAP Web site at IUPAP Recommendations for the Use of Major Physics Users Facilities (pdf version).

399

Calculation and Use of Peaking Factors for Remote Terminal Emulation  

Science Journals Connector (OSTI)

An important goal of the remote terminal emulator-driven tests described here was obtaining a representative test workload. Reaching this goal depended on (i) imposing the test workload in a representative manner, (ii) using representative types of user ...

William A. Ward, Jr.; David Langan

2000-03-01T23:59:59.000Z

400

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

3: RSA SecurID Software Token for Windows DLL Loading Error 3: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am Addthis PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in RSA SecurID Software Token. A remote user

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

63: RSA SecurID Software Token for Windows DLL Loading Error 63: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code December 16, 2011 - 8:00am Addthis PROBLEM: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code. PLATFORM: RSA SecurID Software Token 4.1 for Microsoft Windows ABSTRACT: A remote user can cause the target application to execute arbitrary code on the target user's system. reference LINKS: SecurityTracker Alert ID: 1026426 ESA-2011-039 Secunia Advisory: SA45665 Securityfocus Advisory CVE-2011-4141 RSA Online Fraud Resource Center IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in RSA SecurID Software Token. A remote user

402

U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

36: Microsoft JScript and VBScript Engine Integer Overflow Lets 36: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code August 15, 2012 - 7:00am Addthis PROBLEM: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code PLATFORM: Version(s): 5.8 ABSTRACT: Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target REFERENCE LINKS: technet.microsoft.com/en-us/security/bulletin/ms12-056 http://www.securitytracker.com/id/1027392 CVE-2012-2523 Impact assessment: Medium Discussion: Vulnerability was reported in Microsoft JScript and VBScript. A remote user can cause arbitrary code to be executed on the target user's system. A

403

User Policy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Policy Print Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs assurance of adequate access to the facility. On the other hand, qualified groups that make a large commitment of time and resources need some assurance of an equitable return on their investment. A national facility should be accessible to all qualified researchers and at the ALS there are three modes of access: as a General User, a member of an Approved Program (AP), or as a member of a Participating Research Team (PRT). All proposals for research to be conducted at the ALS are evaluated based on the criteria endorsed by the International Union of Pure and Applied Physics (IUPAP). These criteria are detailed on the IUPAP Web site at IUPAP Recommendations for the Use of Major Physics Users Facilities (pdf version).

404

User Policy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Policy Print Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs assurance of adequate access to the facility. On the other hand, qualified groups that make a large commitment of time and resources need some assurance of an equitable return on their investment. A national facility should be accessible to all qualified researchers and at the ALS there are three modes of access: as a General User, a member of an Approved Program (AP), or as a member of a Participating Research Team (PRT). All proposals for research to be conducted at the ALS are evaluated based on the criteria endorsed by the International Union of Pure and Applied Physics (IUPAP). These criteria are detailed on the IUPAP Web site at IUPAP Recommendations for the Use of Major Physics Users Facilities (pdf version).

405

Verifiable process monitoring through enhanced data authentication.  

SciTech Connect (OSTI)

To ensure the peaceful intent for production and processing of nuclear fuel, verifiable process monitoring of the fuel production cycle is required. As part of a U.S. Department of Energy (DOE)-EURATOM collaboration in the field of international nuclear safeguards, the DOE Sandia National Laboratories (SNL), the European Commission Joint Research Centre (JRC) and Directorate General-Energy (DG-ENER) developed and demonstrated a new concept in process monitoring, enabling the use of operator process information by branching a second, authenticated data stream to the Safeguards inspectorate. This information would be complementary to independent safeguards data, improving the understanding of the plant's operation. The concept is called the Enhanced Data Authentication System (EDAS). EDAS transparently captures, authenticates, and encrypts communication data that is transmitted between operator control computers and connected analytical equipment utilized in nuclear processes controls. The intent is to capture information as close to the sensor point as possible to assure the highest possible confidence in the branched data. Data must be collected transparently by the EDAS: Operator processes should not be altered or disrupted by the insertion of the EDAS as a monitoring system for safeguards. EDAS employs public key authentication providing 'jointly verifiable' data and private key encryption for confidentiality. Timestamps and data source are also added to the collected data for analysis. The core of the system hardware is in a security enclosure with both active and passive tamper indication. Further, the system has the ability to monitor seals or other security devices in close proximity. This paper will discuss the EDAS concept, recent technical developments, intended application philosophy and the planned future progression of this system.

Goncalves, Joao G. M. (European Commission Joint Research Centre, Italy); Schwalbach, Peter (European Commission Directorate General%3CU%2B2014%3EEnergy, Luxemburg); Schoeneman, Barry Dale; Ross, Troy D.; Baldwin, George Thomas

2010-09-01T23:59:59.000Z

406

User Manual  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Manual Manual Services Overview ECS Audio/Video Conferencing Fasterdata IPv6 Network Network Performance Tools (perfSONAR) ESnet OID Registry PGP Key Service Virtual Circuits (OSCARS) OSCARS Case Study Documentation User Manual Web Browser Interface (WBUI) Web Service Interface (API) FAQ Design Specifications Functional Specifications Notifications Publications Authorization Policy Default Attributes Message Security Clients For Developers Interfaces Links Hardware Requirements DOE Grids Service Transition Contact Us Technical Assistance: 1 800-33-ESnet (Inside the US) 1 800-333-7638 (Inside the US) 1 510-486-7600 (Globally) 1 510-486-7607 (Globally) Report Network Problems: trouble@es.net Provide Web Site Feedback: info@es.net User Manual Introduction The OSCARS Interdomain Controller (IDC) allows end users to reserve high

407

V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote  

Broader source: Energy.gov (indexed) [DOE]

3: Red Hat Network Satellite Server Inter-Satellite Sync Remote 3: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass May 24, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Red Hat Network Satellite Server PLATFORM: Red Hat Network Satellite (v. 5.3 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 5) Red Hat Network Satellite (v. 5.4 for RHEL 6) Red Hat Network Satellite (v. 5.5 for RHEL 5) Red Hat Network Satellite (v. 5.5 for RHEL 6) ABSTRACT: The system does not properly validate all Inter-Satellite Sync operations REFERENCE LINKS: SecurityTracker Alert ID: 1028587 RHSA-2013:0848-1 CVE-2013-2056 IMPACT ASSESSMENT: Medium DISCUSSION: It was discovered that Red Hat Network Satellite did not fully check the

408

Formal analysis of device authentication applications in ubiquitous computing.  

SciTech Connect (OSTI)

Authentication between mobile devices in ad-hoc computing environments is a challenging problem. Without pre-shared knowledge, existing applications rely on additional communication methods, such as out-of-band or location-limited channels for device authentication. However, no formal analysis has been conducted to determine whether out-of-band channels are actually necessary. We answer this question through formal analysis, and use BAN logic to show that device authentication using a single channel is not possible.

Shin, Dongwan (New Mexico Tech, Socorro, NM); Claycomb, William R.

2010-11-01T23:59:59.000Z

409

U-268: Oracle Database Authentication Protocol Discloses Session...  

Broader source: Energy.gov (indexed) [DOE]

the authentication protocol at the time of this entry. Please visit the Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin for additional information when it...

410

Dos and don'ts of client authentication on the web  

Science Journals Connector (OSTI)

Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such ...

Kevin Fu; Emil Sit; Kendra Smith; Nick Feamster

2001-08-01T23:59:59.000Z

411

Serious leisure, participation and experience in tourism: authenticity and ritual in a renaissance festival  

E-Print Network [OSTI]

the serious festival participation were reminiscent of tourism existential authenticity specified by Wang (1999) as two levels: intrapersonal authenticity (gaining one?s true self) and interpersonal authenticity (gaining true human relationship). A search...

Kim, Hyounggon

2005-02-17T23:59:59.000Z

412

Multiple node remote messaging  

DOE Patents [OSTI]

A method for passing remote messages in a parallel computer system formed as a network of interconnected compute nodes includes that a first compute node (A) sends a single remote message to a remote second compute node (B) in order to control the remote second compute node (B) to send at least one remote message. The method includes various steps including controlling a DMA engine at first compute node (A) to prepare the single remote message to include a first message descriptor and at least one remote message descriptor for controlling the remote second compute node (B) to send at least one remote message, including putting the first message descriptor into an injection FIFO at the first compute node (A) and sending the single remote message and the at least one remote message descriptor to the second compute node (B).

Blumrich, Matthias A. (Ridgefield, CT); Chen, Dong (Croton on Hudson, NY); Gara, Alan G. (Mount Kisco, NY); Giampapa, Mark E. (Irvington, NY); Heidelberger, Philip (Cortlandt Manor, NY); Ohmacht, Martin (Yorktown Heights, NY); Salapura, Valentina (Chappaqua, NY); Steinmacher-Burow, Burkhard (Esslingen, DE); Vranas, Pavlos (Danville, CA)

2010-08-31T23:59:59.000Z

413

Remote information service access system based on a client-server-service model  

DOE Patents [OSTI]

A local host computing system, a remote host computing system as connected by a network, and service functionalities: a human interface service functionality, a starter service functionality, and a desired utility service functionality, and a Client-Server-Service (CSS) model is imposed on each service functionality. In one embodiment, this results in nine logical components and three physical components (a local host, a remote host, and an intervening network), where two of the logical components are integrated into one Remote Object Client component, and that Remote Object Client component and the other seven logical components are deployed among the local host and remote host in a manner which eases compatibility and upgrade problems, and provides an illusion to a user that a desired utility service supported on a remote host resides locally on the user's local host, thereby providing ease of use and minimal software maintenance for users of that remote service.

Konrad, Allan M. (P.O. Box 4023, Berkeley, CA 94704)

1999-01-01T23:59:59.000Z

414

Remote information service access system based on a client-server-service model  

DOE Patents [OSTI]

A local host computing system, a remote host computing system as connected by a network, and service functionalities: a human interface service functionality, a starter service functionality, and a desired utility service functionality, and a Client-Server-Service (CSS) model is imposed on each service functionality. In one embodiment, this results in nine logical components and three physical components (a local host, a remote host, and an intervening network), where two of the logical components are integrated into one Remote Object Client component, and that Remote Object Client component and the other seven logical components are deployed among the local host and remote host in a manner which eases compatibility and upgrade problems, and provides an illusion to a user that a desired utility service supported on a remote host resides locally on the user's local host, thereby providing ease of use and minimal software maintenance for users of that remote service.

Konrad, Allan M. (P.O. Box 4023, Berkeley, CA 94704)

1997-01-01T23:59:59.000Z

415

User Environment  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User Environment Environment on Genepool When you log into the Genepool system you will land in your $HOME directory on NERSC's "global homes" file system. The global homes file system is mounted across all NERSC computation systems with the exception of PDSF. The $HOME directory has quota of 40GB and 1,000,000 inodes. To customize your environment, by setting environment variables or aliases, you will need to modify one of the "dot" files that NERSC has created for you. You may NOT modify the .bashrc or .cshrc files. These are set to read-only on NERSC systems and specify system specific customizations. Instead you should modify a file called .bashrc.ext or .cshrc.ext. Learn more about the global homes user environment. Important Environment Variables

416

User's Manual  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

User's User's Manual for Pelegant - Yusong Wang, Michael Borland, Robert Soliday - APS Accelerator Systems Division, Advanced Photon Source 1 Introduction Pelegant stands for "parallel elegant," which is a parallelized version of elegant [1]. Written in the C programming language with MPICH, the Pelegant has been successfully ported to several clusters and supercomputers, such as the "weed" cluster (a heterogeneous system of 100 CPUs) at Advanced Photon Source (APS), and the Jazz cluster (350 Intel Xeon CPUs) at Argonne National Lab (ANL) and the BlueGene/L supercomputer (1024 dual PowerPC 440 nodes) at Argonne National Lab. Thanks to careful design in parallelization and good architecture of the serial elegant, the Pelegant achieves very good performance. For example, for a simulation of 10 5 particles in APS including symplectic element-by-element tracking,

417

U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

08: Symantec Data Loss Prevention Bugs in KeyView Filter Lets 08: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service October 11, 2011 - 8:00am Addthis PROBLEM: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service PLATFORM: Symantec Data Loss Prevention Enforce/Detection Servers for Windows 10.x, 11.x ABSTRACT: A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions. reference LINKS: Symantec Security Advisory SYM11-013 SecurityTracker Alert ID: 1026157 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities were reported in Symantec Data Loss Prevention. A remote user can cause denial of service conditions on the target system.A

418

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

9: Cisco IOS Intrusion Prevention System DNS Processing Bug 9: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am Addthis PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. reference LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

419

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

9: Cisco IOS Intrusion Prevention System DNS Processing Bug 9: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service September 27, 2012 - 4:07am Addthis PROBLEM: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service PLATFORM: Devices configured with Cisco IOS IPS are affected ABSTRACT: A vulnerability was reported in Cisco IOS. reference LINKS: SecurityTracker Alert ID: 1027580 Cisco Security Advisory CVE-2012-3950 IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to

420

CMS FNAL Remote Operations Center  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

LHC@FNAL Remote Operations Center (ROC) at Fermilab is located on the first floor of Wilson Hall. From the ROC, shifters perform real-time monitoring of the data recorded by the CMS Experiment. LHC@FNAL Remote Operations Center (ROC) at Fermilab is located on the first floor of Wilson Hall. From the ROC, shifters perform real-time monitoring of the data recorded by the CMS Experiment. ROC WBM / WBM Twiki FNAL ELog Mailing List Agendas / ROC Presentations & Notes WBM Publications Runs CVS SiTracker / MTCC AEM / AEM help Screen Snapshot Service FAQ Accounts & Nodes New User Instructions WebCams CMS Workbook Directories / Glossaries Photos Vidyo / EVO Google / Wikipedia LHC@FNAL Computing Console Map Documents Mailing List One East Mtg Schedule rocshare Telephones To Do List Video Conferencing CMS Shifter CSC DAQ DataOps DQM / FNAL ROC ECAL Event Display HCAL Pixel Trigger Global Run Calendar CMS Live Contact List DAQ Status DAS

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

Secure password-based authenticated key exchange for web services  

Science Journals Connector (OSTI)

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based ... Keywords: authenticated key exchange, password, security, web services

Liang Fang; Samuel Meder; Olivier Chevassut; Frank Siebenlist

2004-10-01T23:59:59.000Z

422

Enhancing CardSpace Authentication Using a Mobile Device  

E-Print Network [OSTI]

, authentication. 1 Introduction In line with the continuing increase in the number of on-line services requir- ing design goals of CardSpace is to reduce reliance on password authentication. We address this limitation, since the additional overhead is handled by the client. The remainder of the paper is

Sheldon, Nathan D.

423

Extreme Users WHY engage with extreme users  

E-Print Network [OSTI]

Extreme Users METHOD WHY engage with extreme users HOW to engage extreme users Designers engage inspiration from their work-arounds and frameworks. When you speak with and observe extreme users, their needs extreme users are often also needs of a wider population. Determine who's extreme Determining who

Prinz, Friedrich B.

424

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

14: Oracle Java Runtime Environment (JRE) Multiple Flaws Let 14: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2011 - 6:00pm Addthis PROBLEM: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service. PLATFORM: Oracle JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior ABSTRACT: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system. reference LINKS: Oracle Critical Patch Updates and Security Alerts

425

U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

4: Oracle Java Runtime Environment (JRE) Multiple Flaws Let 4: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service October 19, 2011 - 6:00pm Addthis PROBLEM: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service. PLATFORM: Oracle JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior ABSTRACT: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system. reference LINKS: Oracle Critical Patch Updates and Security Alerts

426

JC3 Bulletin Archive | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

January 25, 2013 January 25, 2013 V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication A remote user can gain administrative access to the target system. January 24, 2013 V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions. January 23, 2013 V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code Two vulnerabilities were reported in EMC AlphaStor. January 22, 2013 V-074: IBM Informix Genero libpng Integer Overflow Vulnerability

427

NIF User Group  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

users NIF User Group The National Ignition Facility User Group provides an organized framework and independent vehicle for interaction between the scientists who use NIF for...

428

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

6: PHP Stream Component Remote Denial of Service Vulnerability 6: PHP Stream Component Remote Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am Addthis PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. reference LINKS: SecurityFocus IMPACT ASSESSMENT: Medium Discussion: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

429

JC3 Bulletin Archive | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines August 27, 2012 U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

430

JC3 Bulletin Archive | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

vulnerabilities were reported in Symantec Messaging Gateway. August 29, 2012 U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative...

431

JC3 Bulletin Archive | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Remote Authenticated Users Partially Access Data. April 19, 2011 T-605: Oracle Critical Patch Update Advisory - April 2011 A Critical Patch Update is a collection of patches for...

432

JC3 | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Remote Authenticated Users Partially Access Data. April 19, 2011 T-605: Oracle Critical Patch Update Advisory - April 2011 A Critical Patch Update is a collection of patches for...

433

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

February 28, 2012 February 28, 2012 U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases. February 27, 2012 U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service A remote user can send a specially crafted ICMP packet to cause the target service to crash. February 24, 2012 U-110: Samba Bug Lets Remote Users Execute Arbitrary Code A remote user can send specially crafted data to the smbd service to trigger a flaw in chain_reply() and construct_reply() and execute arbitrary code on the target system. February 21, 2012 U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

434

V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

9: Cisco Network Admission Control Input Validation Flaw Lets 9: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands V-139: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands April 21, 2013 - 11:50pm Addthis PROBLEM: Cisco Network Admission Control Input Validation Flaw Lets Remote Users Inject SQL Commands PLATFORM: Cisco NAC Manager versions prior to 4.8.3.1 and 4.9.2 ABSTRACT: A vulnerability was reported in Cisco Network Admission Control. REFERENCE LINKS: SecurityTracker Alert ID: 1028451 Cisco Advisory ID: cisco-sa-20130417-nac CVE-2013-1177 IMPACT ASSESSMENT: High DISCUSSION: The Cisco Network Admission Control (NAC) Manager does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

435

T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

5: IBM Rational System Architect ActiveBar ActiveX Control Lets 5: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code T-615: IBM Rational System Architect ActiveBar ActiveX Control Lets Remote Users Execute Arbitrary Code May 4, 2011 - 7:15am Addthis PROBLEM: A vulnerability was reported in IBM Rational System Architect. A remote user can cause arbitrary code to be executed on the target user's system. PLATFORM: IBM Rational System 11.4 and prior versions ABSTRACT: There is a high risk security vulnerability with the ActiveBar ActiveX controls used by IBM Rational System Architect. reference LINKS: IBM Advisory: 21497689 SecurityTracker Alert ID: 1025464 CVE-2011-1207 Secunia Advisory: SA43399 IMPACT ASSESSMENT: High Discussion: A remote user can create a specially crafted HTML that, when loaded by the

436

V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

09: Adobe Shockwave Player Buffer Overflows and Array Error Lets 09: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code October 24, 2012 - 6:00am Addthis PROBLEM: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code PLATFORM: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh ABSTRACT: Several vulnerabilities were reported in Adobe Shockwave. REFERENCE LINKS: Adobe Security bulletin SecurityTracker Alert ID: 1027692 CVE-2012-4172 CVE-2012-4173 CVE-2012-4174 CVE-2012-4175 CVE-2012-4176 CVE-2012-5273 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on

437

U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote  

Broader source: Energy.gov (indexed) [DOE]

12: BlackBerry Enterprise Server Collaboration Service Bug Lets 12: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages October 17, 2011 - 9:45am Addthis PROBLEM: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages. PLATFORM: Exchange and Domino 5.0.3 through 5.0.3 MR4 BlackBerry Client for use with Microsoft Office Communications Server 2007 R2 BlackBerry Client for use with Microsoft Lync Server 2010 ABSTRACT: A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization. reference LINKS: BlackBerry Security Advisory ID: KB28524

438

Secure password-based authenticated key exchange for web services  

SciTech Connect (OSTI)

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

2004-11-22T23:59:59.000Z

439

T-659: Update support for RSA Authentication Manager | Department...  

Broader source: Energy.gov (indexed) [DOE]

Manager July 1, 2011 - 7:15am Addthis PROBLEM: Authentication Manager SP4 Patch 4 Windows Server 2008 PLATFORM: Windows Server 2008 SP4 Patch 4 32bit & 64bit...

440

User Facility Training | Advanced Photon Source  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

See Also: See Also: Argonne WBT Argonne eJHQ ACIS Training APS Beamline Shielding Argonne National Laboratory User Facility Training Core Courses: These courses require your badge number and APS web password. If you have forgotten your web password, please click here. A temporary password will be sent to your e-mail address on record. Course Name APS 101 Advanced Photon Source User Orientation (2 year retraining) CNM 101 Center for Nanoscale Materials User Orientation (2 year retraining) ESH 100U Argonne National Laboratory User Facility Orientation (2 year retraining) ESH 223 Cybersecurity Annual Education and Awareness (1 year retraining) ESH 738 GERT: General Employee Radiation Training (2 year retraining) Additional Courses Available Remotely: These courses require your badge number and APS web password. If you have forgotten your web password, please click here. A temporary password will be sent to your e-mail address on record.

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

8: MySQL User Login Security Bypass and Unspecified 8: MySQL User Login Security Bypass and Unspecified Vulnerability U-188: MySQL User Login Security Bypass and Unspecified Vulnerability June 12, 2012 - 7:00am Addthis PROBLEM: A security issue and vulnerability have been reported in MySQL PLATFORM: MySQL 5.x ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. Reference LINKS: Original Advisory CVE-2012-2122 Secunia Advisory 49409 IMPACT ASSESSMENT: High Discussion: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

442

2014 NERSC User Survey  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

2014 NERSC User Survey 2014 NERSC User Survey December 17, 2014 by Francesca Verdier (0 Comments) Please take a few minutes to fill out NERSC's annual user survey. Your feedback is...

443

Safety for Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Safety for Users Print Safety at the ALS The mission of the ALS is "Support users in doing outstanding science in a safe environment." All users and staff participate in creating a...

444

Safety for Users  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Safety for Users Print Safety at the ALS The mission of the ALS is "Support users in doing outstanding science in a safe environment." All users and staff participate in creating...

445

T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code  

Broader source: Energy.gov (indexed) [DOE]

526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code 526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability January 3, 2011 - 2:38pm Addthis PROBLEM: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability PLATFORM: Microsoft Internet Explorer 8.0.7600.16385 ABSTRACT: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected. reference LINKS: SecurityFocus - Microsoft Internet Explorer

446

Remote inspection system for hazardous sites  

SciTech Connect (OSTI)

Long term storage of special nuclear materials poses a number of problems. One of these is a need to inspect the items being stored from time to time. Yet the environment is hostile to man, with significant radiation exposure resulting from prolonged presence in the storage facility. This paper describes research to provide a remote inspection capability, which could lead to eliminating the need for humans to enter a nuclear storage facility. While there are many ways in which an RI system might be created, this paper describes the development of a prototype remote inspection system, which utilizes virtual reality technology along with robotics. The purpose of this system is to allow the operator to establish a safe and realistic telepresence in a remote environment. In addition, it was desired that the user interface for the system be as intuitive to use as possible, thus eliminating the need for extensive training. The goal of this system is to provide a robotic platform with two cameras, which are capable of providing accurate and reliable stereographic images of the remote environment. One application for the system is that it might be driven down the corridors of a nuclear storage facility and utilized to inspect the drums inside, all without the need for physical human presence. Thus, it is not a true virtual reality system providing simulated graphics, but rather an augmented reality system, which performs remote inspection of an existing, real environment.

Redd, J.; Borst, C.; Volz, R.A.; Everett, L.J. [Texas A and M Univ., College Station, TX (United States). Computer Science Dept.] [Texas A and M Univ., College Station, TX (United States). Computer Science Dept.

1999-04-01T23:59:59.000Z

447

General User Proposals  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

General User Proposals Print General Users are granted beam time through a peer review proposal process. They may use beamlines and endstations provided by the ALS or the...

448

General User Proposals  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Office General User Proposals Print General Users are granted beam time through a peer review proposal process. They may use beamlines and endstations provided by the ALS...

449

Remote Systems Design & Deployment  

SciTech Connect (OSTI)

The Pacific Northwest National Laboratory (PNNL) was tasked by Washington River Protection Solutions, LLC (WRPS) to provide information and lessons learned relating to the design, development and deployment of remote systems, particularly remote arm/manipulator systems. This report reflects PNNLs experience with remote systems and lays out the most important activities that need to be completed to successfully design, build, deploy and operate remote systems in radioactive and chemically contaminated environments. It also contains lessons learned from PNNLs work experiences, and the work of others in the national laboratory complex.

Bailey, Sharon A.; Baker, Carl P.; Valdez, Patrick LJ

2009-08-28T23:59:59.000Z

450

Using Semantics for Automating the Authentication of Web APIs  

E-Print Network [OSTI]

Abstract. Recent technology developments in the area of services on the Web are marked by the proliferation of Web applications and APIs. The implementation and evolution of applications based on Web APIs is, however, hampered by the lack of automation that can be achieved with current technologies. Research on semantic Web services is therefore trying to adapt the principles and technologies that were devised for traditional Web services, to deal with this new kind of services. In this paper we show that currently more than 80 % of the Web APIs require some form of authentication. Therefore authentication plays a major role for Web API invocation and should not be neglected in the context of mashups and composite data applications. We present a thorough analysis carried out over a body of publicly available APIs that determines the most commonly used authentication approaches. In the light of these results, we propose an ontology for the semantic annotation of Web API authentication information and demonstrate how it can be used to create semantic Web API descriptions. We evaluate the applicability of our approach by providing a prototypical implementation, which uses authentication annotations as the basis for automated service invocation. 1

Maria Maleshkova; Carlos Pedrinaci; John Domingue; Guillermo Alvaro; Ivan Martinez

451

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

5: EMC AlphaStor Command Injection and Format String Flaws Let 5: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code January 23, 2013 - 12:26am Addthis PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms) ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor. REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

452

V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote  

Broader source: Energy.gov (indexed) [DOE]

5: EMC AlphaStor Command Injection and Format String Flaws Let 5: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code January 23, 2013 - 12:26am Addthis PROBLEM: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code PLATFORM: EMC AlphaStor 4.0 prior to build 800 (All platforms) ABSTRACT: Two vulnerabilities were reported in EMC AlphaStor. REFERENCE LINKS: ESA-2013-008: SecurityTracker Alert ID: 1028020 Secunia Advisory SA51930 CVE-2013-0928 CVE-2013-0929 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].

453

V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote...  

Broader source: Energy.gov (indexed) [DOE]

IMPACT: Denial of service via network SOLUTION: The vendor has issued a fix (7.5 Patch 1). Addthis Related Articles U-244: McAfee Email Gateway Lets Remote Users Bypass...

454

V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote...  

Office of Environmental Management (EM)

T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs U-239:...

455

U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote...  

Broader source: Energy.gov (indexed) [DOE]

information. Solution: The vendor has issued a fix. Addthis Related Articles U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting...

456

Safe patch version 0.9 user manual  

SciTech Connect (OSTI)

The SafePatch version 0.9 provides automated analysis of network-based computer systems to determine the status of security patches and distributes needed patches. SafePatch determines what patches need to be installed and what patches are installed on a system. SafePatch will distribute needed patches to the remote system for later installation. For those patches that are installed, SafePatch checks the permissions and ownership of the files referenced in the patch and reports on the attributes that differ from those recommended by the patch. SafePatch also ensures that the system software is authentic (that is, belonging to either a release of an operating system or a patch). The process SafePatch uses to authenticate the software on a system is more reliable and secure than other vendor-specific tools. SafePatch compares the remote system's files with the files from the patches to determine what is actually installed and what needs to be installed. This approach ensures accurate reporting of a system's patch status. It also allows SafePatch to identify files that do not belong to either the original system distribution (for example, Solaris 2.5) or to any patch. These unidentified files may be customized or trojan. Either way these files should be investigated further to determine their exact origin.

Kelley, M

1999-03-01T23:59:59.000Z

457

Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding author)  

E-Print Network [OSTI]

1 Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding in the process algebra Communicating Sequential Processes (CSP) to specify authentication. The purpose, security protocols, CSP, formal specification, Kerberos 1. Introduction Schneider [1] uses Communicating

Doran, Simon J.

458

Efficient authentication scheme for data aggregation in smart grid with fault tolerance and fault diagnosis  

Science Journals Connector (OSTI)

Authentication schemes relying on per-packet signature and per-signature verification introduce heavy cost for computation and communication. Due to its constraint resources, smart grid's authentication requirement cannot be satisfied by this scheme. ...

Depeng Li; Zeyar Aung; John R. Williams; Abel Sanchez

2012-01-01T23:59:59.000Z

459

Remote direct memory access over datagrams  

DOE Patents [OSTI]

A communication stack for providing remote direct memory access (RDMA) over a datagram network is disclosed. The communication stack has a user level interface configured to accept datagram related input and communicate with an RDMA enabled network interface card (NIC) via an NIC driver. The communication stack also has an RDMA protocol layer configured to supply one or more data transfer primitives for the datagram related input of the user level. The communication stack further has a direct data placement (DDP) layer configured to transfer the datagram related input from a user storage to a transport layer based on the one or more data transfer primitives by way of a lower layer protocol (LLP) over the datagram network.

Grant, Ryan Eric; Rashti, Mohammad Javad; Balaji, Pavan; Afsahi, Ahmad

2014-12-02T23:59:59.000Z

460

Quantum-Secure Authentication with a Classical Key  

E-Print Network [OSTI]

Authentication provides the trust people need to engage in transactions. The advent of physical keys that are impossible to copy promises to revolutionize this field. Up to now, such keys have been verified by classical challenge-response protocols. Such protocols are in general susceptible to emulation attacks. Here we demonstrate Quantum-Secure Authentication ("QSA") of an unclonable classical physical key in a way that is inherently secure by virtue of quantum-physical principles. Our quantum-secure authentication operates in the limit of a large number of channels, represented by the more than thousand degrees of freedom of an optical wavefront shaped with a spatial light modulator. This allows us to reach quantum security with weak coherent pulses of light containing dozens of photons, too few for an adversary to determine their complex spatial shapes, thereby rigorously preventing emulation.

Sebastianus A. Goorden; Marcel Horstmann; Allard P. Mosk; Boris kori?; Pepijn W. H. Pinkse

2014-06-03T23:59:59.000Z

Note: This page contains sample records for the topic "remote authenticated users" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

Remote actuated valve implant  

SciTech Connect (OSTI)

Valve implant systems positionable within a flow passage, the systems having an inlet, an outlet, and a remotely activatable valve between the inlet and outlet, with the valves being operable to provide intermittent occlusion of the flow path. A remote field is applied to provide thermal or magnetic activation of the valves.

McKnight, Timothy E; Johnson, Anthony; Moise, Jr., Kenneth J; Ericson, Milton Nance; Baba, Justin S; Wilgen, John B; Evans, III, Boyd McCutchen

2014-02-25T23:59:59.000Z

462

Remotely Deployed Virtual Sensors  

E-Print Network [OSTI]

Remotely Deployed Virtual Sensors TR-UTEDGE-2007-010 Sanem Kabadayi Christine Julien © Copyright 2007 The University of Texas at Austin #12;Remotely Deployed Virtual Sensors Sanem Kabadayi that run on mobile client devices connect to the sensors of a multihop sensor network. For emerging

Julien, Christine

463

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

vulnerability has been reported in Microsoft Office Word. The vulnerability is due to memory corruption when parsing a specially crafted Word file. Impact: An attacker can exploit...

464

U-277: Google Chrome Multiple Flaws Let Remote Users Execute...  

Broader source: Energy.gov (indexed) [DOE]

A crash may occur in Skia text rendering CVE-2012-2900. A race condition may occur in audio device handling CVE-2012-5108. An out-of-bounds read may occur in ICU regex...

465

VISION 2008 User's Guide  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

VISION 2008 User's Guide VISION 2008 User's Guide ANL-08/34 Energy Systems Division VISION 2008 User's Guide ANL-08/34 User's Guide by J. Ward Vehicle Technologies Program, U.S. Department of Energy, Energy Efficiency and Renewable Energy VISION model by A. Vyas and M. Singh Transportation Technology R&D Center, Argonne National Laboratory October 2008 VISION 2008 User's Guide October 2008 i Table of Contents Copyright Notification .............................................................................................................................. ii List of Abbreviations ................................................................................................................................ iii

466

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Product Authenticity Tags Product Authenticity Tags VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

467

FACET User Facility  

Broader source: All U.S. Department of Energy (DOE) Office Webpages

AD SLACPortal > Accelerator Research Division > FACET User Facility AD SLACPortal > Accelerator Research Division > FACET User Facility Sign In Launch the Developer Dashboard SLAC National Accelerator Laboratory DOE | Stanford | SLAC | SSRL | LCLS | AD | PPA | Photon Science | PULSE | SIMES FACET User Facility : FACET An Office of Science User Facility Search this site... Search Help (new window) Top Link Bar FACET User Facility FACET Home About FACET FACET Experimental Facilities FACET Users Research at FACET SAREC Expand SAREC FACET FAQs FACET User Facility Quick Launch FACET Users Home FACET Division ARD Home About FACET FACET News FACET Users FACET Experimental Facilities FACET Research Expand FACET Research FACET Images Expand FACET Images SAREC Expand SAREC FACET Project Site (restricted) FACET FAQs FACET Site TOC All Site Content

468

Users from Industry  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Users from Industry Users from Industry Users from Industry Print The Advanced Light Source (ALS) welcomes industrial users from large and small companies whose projects advance scientific knowledge, investigate the development of new products and manufacturing methods, or provide economic benefits and jobs to the economy. The nature of industrial research can be different from traditional university and government sponsored projects, so the ALS has created unique opportunities for new and existing industrial users to access our user facilities and engage in productive relationships with our scientific and engineering staff. Examples of past and current research conducted at the ALS can be viewed on the Industry @ ALS Web page. There are several modes of access; the ALS User and Scientific Support Groups are especially committed to helping new industrial users gain a foothold in our user community and welcome inquiries about how to make that happen.

469