Hunt CCTV Credential Disclosure
Hunt CCTV and generics brands Insufficient Authentication January 17, 2013 - A. Ramos -- CVE ID: CVE-2013-1391 reserved -- Affected Vendors: Hunt CCTV http://www.huntcctv.com/ generic brands from Hunt Capture CCTV http://www.capturecctv.ca/ NoVus CCTV http://www.novuscctv.com/ Well-Vision Inc...
Wireshark: Dos via large buffer allocation request
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file...
wireshark: multiple file parser vulnerabilities (wnpa-sec-2012-01)
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file...
Nexpose Security Console Session Capture
Product: Nexpose Security Console Vendor: Rapid7 Version: is replaced by nexposeCCSessionID=;time-zone-offset=000. 5. Success. Vendor Notified: Yes Vendor Response: Quickly escalated and resolved. Vendor Update: Remediated in 5.5.4. Reference: CVE-2012-6494...
ECShop all version SQL injection 0day-vulnerability warning-the black bar safety net
Thanks owed to the killing of the Black Box Any goods added to the shopping cart fill in your delivery address of that page, there is the region of choice flow. php? step=consignee&directshopping=1 For example, the province select Anhui Wherein the POST data as follows country=1&province=3&city=3...
Twitter for iPhone - Man in the Middle Security
source: https://www.securityfocus.com/bid/56665/info Twitter for iPhone is prone to a security vulnerability that lets attackers perform a man-in-the-middle attack. Attackers can exploit this issue to capture and modify pictures that the user sees in the application. Twitter for iPhone 5.0 is...
Twitter 5.0 Eavesdropping Proof Of Concept
Twitter App vulnerable to eavesdropping Vendor: Twitter Inc. Product: Twitter 5.0 Tested on: iPhone 4 iOS 6.0 Vendor notification: Nov 10, 2012. Risk level: Low Researcher: Carlos Reventlov Link: http://reventlov.com/advisories/twitter-app-vulnerable-to-partial-mitm The Twitter 5.0 app for the...
CTF365 – Capture The Flag – Next Generation
Prepare your tools, build your team, defend your country and conquer the World. It is well known that the best way to learn security is hands on. It's the kind of experience you earn in pentest labs or CTF competitions based on challenges or defensive and offensive security and it's aimed at...
[Cookie Cadger] v.0.9
An auditing tool for Wi-Fi or wired Ethernet connections Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which i...
A Recruitment System 0day a gold-bug warning-the black bar safety net
Google: the keywords: inurl:IndexPerson. asp inurl:headhunt ! Use steps: 1. Front Desk registered users 2. Upload photos ! 3. Capture 4. Modification packet nc truncated to submit ! If the directory can not write the situation, change the Upload Directory to...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround...
CVE-2012-1763
CVE-2012-1763 affects Oracle Clinical/Remote Data Capture in Oracle Industry Applications 4.6.0 and 4.6.2. The vulnerability, related to HTML Surround, allows remote authenticated users to affect confidentiality (partial impact). CVSS metrics from NVD indicate network access with single authentic...
Authentication Capture: PostgreSQL
This module provides a fake PostgreSQL service that is designed to capture clear-text authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture:...
Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138)
This advisory updates wireshark to the latest version 1.6.2, fixing several security issues: The proto_tree_add_item function in Wireshark 1.6.1, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a...
Mandriva Linux Security Advisory : mozilla (MDVSA-2011:192)
Security issues were identified and fixed in mozilla firefox and thunderbird : The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service out-of-bounds...
Windows Manage Remote Packet Capture Service Starter
This module enables the Remote Packet Capture System (rpcapd service) included in the default installation of Winpcap. The module allows you to set up the service in passive or active mode (useful if the client is behind a firewall). If authentication is enabled you need a local user account to captu...
CVE-2012-3548
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file...
Design/Logic Flaw
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file...
UBUNTU-CVE-2012-3548
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file...