5096 matches found
GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability
Document Title: GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1713. Release Date: 2016-02-24. Vulnerability Laboratory ID (VL-ID): ...
NetworkMiner 2.0 - Network Forensic Analysis Tool (NFAT)
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows but also works in Linux / Mac OS X / FreeBSD. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the...
Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit
What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's "12345678" as a Hard-Coded Password. Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone wh...
HackerOne: HTML injection can lead to data theft
Hey, This is more like an in-depth security thing with a reasonable attack scenario. On some occasions, it seems to be possible to leak sensitive data to an external server, not affected by the CSP. This can happen in the following situation: 1. There's an HTML injection vulnerability 2. The...
[SECURITY] Fedora 23 Update: wireshark-1.12.9-1.fc23
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...
Capturing and Analyzing Network Flow Data: Joy
A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented mod...
Packet Capture Utility: Stenographer
Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back...
Cisco Jabber for Windows STARTTLS Downgrade Vulnerability
Cisco Jabber for Windows is a unified communications, collaborative work application. A security vulnerability exists in the Send Screen Capture feature of Cisco Jabber for Windows. An attacker could exploit the vulnerability to cause a client to establish an XMPP connection in plain text...
Seemingly tasteless ESPCMS backend injection can actually be a lot of fun - vulnerability warning - the black bar safety net
Yesterday, the black bar safety net vulnerability platform disclosed an injection vulnerability in ESPCMS, and friends on the Ali cloud security attack and defense team did an impact assessment of the vulnerability right away. Did not think need to login to the backend before it can be...
HTTPNetworkSniffer v1.50 - Packet Sniffer Tool That Captures All HTTP Requests/Responses
HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent,...
UBUNTU-CVE-2015-7830
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers...
IBM Security QRadar Incident Forensics Man-in-the-Middle Attack Vulnerability (CNVD-2015-07479)
IBM Security QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents, and repair network security vulnerabilities. IBM Security QRadar Incident Forensics 7.2...
Network Forensic Analysis Tool: Xplico
The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
MIT Scientists: Now You Can See Through Walls with Wi-Fi
Forget about Superman's X-ray vision, you can now see through walls using only a Wi-Fi device. Scientists at MIT's Computer Science and Artificial Intelligence Lab (CSAIL) have developed a device that uses WiFi signals to effectively see through walls and other obstacles, and identify which persons...
The vulnerability of the Android operating system allows a hacker to bypass the user’s warning when a screenshot is taken and gain access to the protected information.
The vulnerability of the Media Projection component in the Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to bypass user notifications about screen capture and gain access to protected information...
Android 5.0 screen recording vulnerability, CVE-2015-3878 threat early warning - vulnerability warning - the black bar safety net
Chapter 1: Exploitation principles. 1. New features in Android 5.0: Android 5.0 added a screen recording interface that requires no special permissions; the following system APIs implement the screen recording function: To initiate a recording request, the system pops up the following message box...
[SECURITY] Fedora 22 Update: wireshark-1.12.7-2.fc22
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...
Network Security Toolkit: NST
Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the security professional and networ...
CVE-2015-5693
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."...