[SECURITY] Fedora 22 Update: netty-4.0.28-1.fc22

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...

Bacula - Network Backup Tool for Linux, Unix, Mac, and Windows

Bacula is a set of computer programs that permits the system administrator to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Bacula can also run entirely upon a single computer and can backup to various types of media, including tape a...

Maligno v2.0 - Metasploit Payload Server

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded prior to transmission. Maligno also comes with a client tool, which...

CVE-2015-1595

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...

Host Based Intrusion Detection System: Samhain

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...

nss: Do not allow p-1 as a public DH value (MFSA 2014-12)

It was found that NSS accepted weak Diffie-Hellman Key exchange DHKE parameters. This could possibly lead to weak encryption being used in communication between the client and the server...

EasyCafe 2.1/2.2 Security Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19401/info EasyCafe is prone to a vulnerability that lets attackers bypass security restrictions. This issue occurs because the application fails to prevent an attacker from gaining unauthorized access to a client compute...

NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities

No description provided by source. =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product: Enterprise Messenger Server...

IBM Network Station Manager 2.0 R1 Race Condition Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/900/info IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root priviliges on hosts running the NetStation daemon. NetStatio...

Mah-Jong 1.4 Client/Server Remote sscanf() Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8557/info A remote buffer overflow vulnerability when calling the sscanf function has been reported to affect the mah-jong game client and server programs. The issue occurs within seperate source files, however the code...

McKesson Pathways Homecare 6.5 Weak Username and Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are...

Network Audio System: Multiple vulnerabilities

Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...

X.Org X Server: Multiple vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary...

[SECURITY] Fedora 20 Update: community-mysql-5.5.37-1.fc20

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC

===================================================================================== This POC code overwrite EIP with "CCCCCCCC" About KCS Key: That key is used to obfuscate traffic between client and server. The key is generated during SEPM installation. We need that key to talk with the SEPM...

SmartSniff - Capture TCP/IP packets on your network adapter

SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode for text-based protocols, like HTTP...

[DNmap] Distributed Nmap Framwork

DNmap is a distributed nmap framwork using a client/server architecture. The server reads the commands from a file and send them to each client. The client execute the nmap command and send the results back. Download DNmap...

CVE-2014-1242

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...

ISC DHCP: Denial of service

Background ISC DHCP is a Dynamic Host Configuration Protocol DHCP client/server. Description ISC DHCP is vulnerable to a memory exhaustion attack involving regular expressions sent by DHCP clients. Impact A remote attacker could send a specially crafted request from a malicious or spoofed client,...

CVE-2013-6427

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing HPLIP 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream...