Design/Logic Flaw
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."...
CVE-2015-5693
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."...
DARPA Protecting Software From Reverse Engineering Through Obfuscation
Researchers with a DARPA-led team are looking into new ways to combat reverse engineering by using obfuscation to tidy up shoddy commercial and government security. Researchers with the unit, dubbed the SafeWare program, are hoping to develop new methods, bolstered by encryption, to obscure...
Amazon Linux: Security Advisory (ALAS-2014-358)
The remote host is missing an update for the...
[SECURITY] Fedora 23 Update: wireshark-1.12.7-2.fc23
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php...
python-oauth2: _check_signature() ignores the nonce value when validating signed urls
It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...
BetterCap - A complete, modular, portable and easily extensible MITM framework
BetterCap is an attempt to create a complete, modular, portable and easily extensible MITM framework with every kind of feature that could be needed while performing a man-in-the-middle attack. It is currently able to sniff and print the following information from the network: URLs being visited. HTT...
XSS Payload Management Framework: Sleepy Puppy
Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why should I use Sleepy Puppy? Often when testing for client-side injections (HTML/JS/etc.), security engineers are looking fo...
Enter: Potential for financial loss, negative Values for "Buy fee" and "Sell Fee"
Issue: It is possible to set negative values for the Buy Fee and Sell Fee, which will cause unexpected transfers etc., as these settings override the settings at the location. PoC: 1. Go to the Operator Wallet's Settings. 2. Click on the users tab. 3. Select any user. 4. Go to settings tab of that...
KMPlayer 3.9.1.136 - Capture Unicode Buffer Overflow (ASLR Bypass)
#!/usr/bin/python. KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass). Author: Naser Farhadi. Date: 21 June 2015. Version: 3.9.1.136. Tested on: Windows 7 SP1 32 bit. Usage: chmod +x KMPlayer.py, python KMPlayer.py, Alt+c | Video Capture | Alt+a | Audio Capture paste content of KMPlayer.txt in...
Super cannon (Great Cannon) defect inquiry of JS bloomer - vulnerability warning - the black bar safety net
Following the last post in the black bar to secure the article on the super cannon (Great Cannon) defect inquiry of TTL article, we reference from abroad, a research organization for the event post-mortem analysis, as well as by being an attack site log and capture the code on a bloomer, locking Th...
SUSE SLED10 / SLES10 Security Update : xorg-x11-server (SUSE-SU-2013:0857-1)
In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. This update fixes this issue. CVE-2013-1940 has been assigned to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
WordPress vTiger Plugin - Unknown Vulnerability
This plugin is prone to an unspecified vulnerability in CRM lead capture. Solution: Update the plugin...
CVE-2015-1848
The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...
FastNetMon - Very Fast DDoS Analyzer with Sflow/Netflow/Mirror Support
A high-performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from...
[security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04633710 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04633710 Version: 1 HPSBPI03315 rev....
HP Capture and Route information disclosure
No description provided...
SmartSniff v2.17 - Capture TCP/IP packets on your network adapter
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in ASCII mode for text-based protocols, like HTTP...
HP Capture and Route Software Remote Information Disclosure Vulnerability
HP Capture and Route Software is one of the HP JetAdvantage Workflow Solutions, used to effectively manage, update, and store information. A remote information disclosure vulnerability exists in HP Capture and Route Software. This vulnerability could be exploited by an authenticated, remote attacker to...