Code injection

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...

CVE-2021-38459 AUVESY Versiondog

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...

CVE-2021-38459

CVE-2021-38459 affects AUVESY Versiondog. The vulnerability allows authentication at SYSDBA level by capturing initial handshake data and replaying it, provided a specific executable isn’t restarted frequently. Impact per sources includes the ability to change user passwords or delete the databas...

Packet-Sniffer - A pure-Python Network Packet Sniffing Tool

A simple pure-Python network packet sniffer. Packets are disassembled as they arrive at a given network interface controller and their information is displayed on the screen. This application maintains no dependencies on third-party modules and can be run by any Python 3.x interpreter. Installati...

Security Bulletin: Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities

Summary Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2020-12362 DESCRIPTION: Intel Graphics Drivers could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the...

Async-h1 request smuggling possible with long unread bodies

Impact This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content...

IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...

CVE-2020-21503

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free...

CVE-2020-21503

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free...

Design/Logic Flaw

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free...

CVE-2020-21503

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free...

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...

Open Redirect in firefly-iii/firefly-iii

Steps: 1. Login in application and and navigate to bill section and create bill and capture the request. Web applications use different techniques to redirect users to the next page. Apps may use URL query parameters, header values, with JavaScript code, or it may be backend code. In case of this...

PayloadsAllTheThings

It is an offensive tool for Web Application Security. The repository, PayloadsAllTheThings, contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The provided code snippet is a GitHub funding model configuration file .github/FUNDING.yml...

Exploit for CVE-2021-38647

cve-2021-38647 https://github.com/corelight/CVE-2021-38647 wit...

DEBIAN-CVE-2020-23273

Heap-buffer overflow in the randomizeiparp function in editpacket.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service DOS via a crafted pcap...

U.S. Dept Of Defense: Expired SSL Certificate allows credentials steal

Hi security Team! I've found this website with no valid SSL Certificate. https://██████████ Certificate has expired 314 days ago. Impact Error message can appear on page and user can have his credentials stolen by an attacker capturing the network data. System Hosts ███████ Affected Products and...

CVE-2021-27662 KT-1 Capture-replay

The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01...

The vulnerability of the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Capture software configurations allows attackers to bypass the authentication process.

The vulnerability of the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Capture software configurations is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...

EulerOS 2.0 SP2 : wireshark (EulerOS-SA-2021-2438)

According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wireshark is a network traffic analyzer for Unix-ish operating systems.This package lays base for libpcap, a packet capture and filtering...