5099 matches found
The vulnerability of the rpcapd/daemon.c component in the libpcap library allows a hacker to trigger a service failure.
The vulnerability of the rpcapd/daemon.c component in the libpcap library is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
KKCMS suffers from an SQL injection vulnerability (CNVD-2020-30168)
KKCMS is an open source video capture and playback system. KKCMS suffers from an SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information in the database...
CVE-2018-8956
CVE-2018-8956 affects ntp (ntpd) in ntp 4.2.8p10–4.2.8p13. A remote attacker can prevent a broadcast client from synchronizing with a broadcast NTP server by sending spoofed mode 3/5 packets. Exploitation requires access to the same broadcast network or control of a slave that can relay pa...
[SECURITY] Fedora 30 Update: wireshark-3.2.3-1.fc30
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
MITRE ATT&CK Evaluation Demonstrates the Power of the VMware Carbon Black Cloud
MITRE has released the results for its latest endpoint detection and response (EDR) product evaluation using its now industry-standard open methodology, the ATT&CK® framework. This year’s results further demonstrate why VMware Carbon Black, now a two-time participant, is a top choice of security an...
SCANNER-INURLBR
It is an offensive tool for web application vulnerability scanning. The primary CVE ID present in the context is not explicitly mentioned, but the tool is designed for Google Hacking and web application vulnerability scanning. The target product/service or framework is not explicitly stated, but...
DEBIAN-CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
UBUNTU-CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
Cross-site Scripting (XSS)
SeaMonkey is vulnerable to cross-site scripting (XSS). The attack is possible because remote attackers can perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object...
wireshark security and bug fix update
1.10.14-24.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-24 - Related: 1613034 - Typo in the previous patch discovered by covscan 1.10.14-23 - Related: 1613034 - Fixing an infinite loop created by previous update 1.10.14-22 - Related: 1633330 - fixing a...
FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...
PT-2022-6561 · Gitea +1 · Gitea +1
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.11.2 Description: The issue is related to trusting HTTP permission methods on the server side when referencing the vulnerable admin or user API, which could allow a remote malicious user to execute arbitrary code. It...
Wiper Malware Called "Coronavirus" Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record (MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that...
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-6972
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser...
Authentication flaw
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser...
CVE-2020-6972
CVE-2020-6972 affects Honeywell/NWS Notifier Web Server (NWS-3) versions 3.50 and earlier. The vulnerability is an authentication bypass by a capture-replay attack from a web browser, with CVSS v3.1 base score 9.1 (Network, Privileges None, User Interaction None; Confidentiality/Integrity High, A...