5111 matches found
CVE-2024-5462
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...
CVE-2024-35110
A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-42009 PoC: Email Capture Listener & XSS Exploit O...
Azure Linux 3.0 Security Update: libpcap / nmap (CVE-2023-7256)
The version of libpcap / nmap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-7256 advisory. - In affected libpcap versions during the setup of a remote packet capture the internal function...
Azure Linux 3.0 Security Update: libpcap / nmap (CVE-2024-8006)
The version of libpcap / nmap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8006 advisory. - Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remo...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
CVE-2021-39196
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2022-24831
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has...
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
Medium: wireshark
Issue Overview: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVE-2024-11596 Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service v...
Medium: wireshark
Issue Overview: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVE-2024-11596 Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service v...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-837)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-837 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVE-2024-11596 Buffer Overflow vulnerability in Wiresha...
CVE-2024-0860
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to...
CVE-2024-27137
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2024-12511
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511
CVE-2024-12511 is a Xerox VersaLink pass-back vulnerability affecting VersaLink MFPs (C7020/7025/7030 series) up to firmware 57.69.91. An attacker with printer/admin access and configured SMB/FTP scan could alter the user address book to redirect SMB/FTP traffic to a rogue host, allowing capture ...
Xerox Versalink 安全漏洞
Xerox VersaLink is a line of commercial printers from Xerox Corporation USA. A security vulnerability exists in Xerox Versalink that originates from access via the address book and can modify SMB/FTP settings, redirect scans and potentially capture credentials...