5099 matches found
Vulnerability of the print-rsvp.c:rsvp_obj_print() utility for capturing and analyzing network traffic with tcpdump: This utility allows an intruder to gain unauthorized access to information and compromise its integrity and availability.
The vulnerability in the print-rsvp.c:rsvp_obj_print() utility for capturing and analyzing network traffic using tcpdump is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to information and compromise...
Vulnerability of the print-bgp.c:bgp_capabilities_print() function in the packet capture and analysis tool tcpdump: This function allows a malicious actor to gain unauthorized access to information and compromise its integrity and availability.
The vulnerability in the print-bgp.c:bgp_capabilities_print() utility for capturing and analyzing network traffic using tcpdump is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to information and...
Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559)
Summary: The software does not implement a required step in a cryptographic algorithm. Vulnerability Details: CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can...
CVE-2019-16565
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16574
CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...
CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Vulnerability in the print-icmp.c:icmp_print() utility for capturing and analyzing network traffic with tcpdump: This allows an intruder to gain unauthorized access to information and compromise its integrity and availability.
The vulnerability in the print-icmp.c function, specifically the icmp_print() utility for capturing and analyzing network traffic using tcpdump, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to...
Omron PLC CJ and CS Series
1. EXECUTIVE SUMMARY: CVSS v3 8.6; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Omron; Equipment: PLC CJ and CS Series; Vulnerabilities: Authentication Bypass by Spoofing, Authentication Bypass by Capture-replay, Unrestricted Externally Accessible Lock. 2. UPDATE: This updated...
USN-4221-1: libpcap vulnerability
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion)...
USN-4221-1 libpcap vulnerability
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion)...
CVE-2019-16674
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network...
OwnCloud 8.1.8 - Username Disclosure
Exploit Title: OwnCloud 8.1.8 - Username Disclosure Exploit Author : Daniel Moreno Exploit Date: 2019-11-29 Vendor Homepage : https://owncloud.org/ Link Software : https://ftp.icm.edu.pl/packages/owncloud/ old version. Download at your own risk Tested on OS: CentOS PoC: 1. Create an account in...
EulerOS 2.0 SP2 : wireshark (EulerOS-SA-2019-2425)
According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering...