CVE-2017-6432

The CVE-2017-6432 entry concerns Dahua DHI-HCVR7216A-S3 devices (firmware 3.210.0001.10, build 2016-06-06). The Dahua DVR protocol on TCP port 37777 is an unencrypted binary protocol; a Man-in-the-Middle can sniff and inject packets, enabling creation of fully privileged new users and capture of ...

Huawei HG658 V2 Cross Site Scripting

HUAWEI HG658 V2 = Modem Web Interface Reflected XSS Vulnerability My + Discovered by: KnocKout Contact : [email protected] HomePage : http://cyber-warrior.org Software info |Hardware/Web App : HUAWEI |Affected Version : HG658 V2 |Official Web: http://www.huawei.com INFO the same network with...

CVE-2017-6471

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length...

CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...

CVE-2017-6469

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure...

Packet Capture Use Examples

Intended Audience This article is not intended as a guide to using tshark or tcpdump. Links to the manuals for those products can be found in theMore Information section of this article. This article intends to provide customers with examples of the capture methods used by Veeam Support. There is...

Wireshark 2.2.x < 2.2.5 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.5 advisory. - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet...

Wireshark 2.2.x < 2.2.5 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.5 advisory. - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection o...

Android Package Inspector: Inspeckage

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...

UBUNTU-CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...

CVE-2017-6473

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets...

Code injection

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records...

CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...

ALPINE-CVE-2017-6469

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure...

CVE-2017-6471

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length...

ALPINE-CVE-2017-6468

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records...

UBUNTU-CVE-2017-6470

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness...

DEBIAN-CVE-2017-6467

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size...

DEBIAN-CVE-2017-6474

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes...

UBUNTU-CVE-2017-6474

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes...