CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)

The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. If the client registry key workaround has not been applied, any client software installed on the remote host including IE is affected by an information disclosure vulnerability when using SSL...

AOL Instant Messenger 4.x Remote Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/3769/info AOL Instant Messenger AIM is a real time messaging service. The vulnerability exists in the way that AIM parses a game request with a TLV type, length, value type of 0x2711. This type of game request is prone to...

openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1)

Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. CVE-2010-1323, CVE-2010-1324,CVE-2010-4020 and CVE-2010-4021 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

OpenSSH protection bypass

SSHFP protection bypass for client...

Microsoft Windows DirectAccess CVE-2013-3876 Security Bypass Vulnerability

Description Microsoft Windows DirectAccess is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and impersonate a legitimate server to perform man-in-the-middle attacks. Successfully exploiting this issue allows attackers to obtai...

Juniper NSM Web Proxy Detection

The remote host is running the Juniper NSM Web Proxy, which is used for hosting NSM GUI client software and web-based APIs. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69875; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Juniper NSM Web...

Safend Data Protector Multiple Vulnerabilities

Safend Data Protector Multiple Vulnerabilities Client software 3.4.5586.9772: Advisory Link: http://www.reactionpenetrationtesting.co.uk/safend-private-key-log-file.html Details CVE number: CVE-2012-4767 The private key data is in the securitylayer.log file in a directory called "logs.9772". This...

Check Point Abra Bypass / Command Execution

Exploit for php platform in category web applications Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V...

Check Point Abra Bypass / Command Execution

Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...

CCTV DVR Login Scanning Utility

This module tests for standalone CCTV DVR video surveillance deployments specifically by MicroDigital, HIVISION, CTRing, and numerous other rebranded devices that are utilizing default vendor passwords. Additionally, this module has the ability to brute force user accounts. Such CCTV DVR video...

JVN#31860555: twicca fails to restrict access permissions

twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...

IBM MQ Server and Client Detection (Windows)

IBM MQ formerly IBM WebSphere MQ Server or Client is installed on the remote Windows host. C Tenable, Inc. include"compat.inc"; if description scriptid57708; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/04/22"; scriptxrefname:"IAVT", value:"0001-T-0631";...

An Interview With Telex's J. Alex Halderman

A group of researchers from the University of Michigan and the University of Waterloo have developed a proxy system called Telex that provides a method for users to circumvent state-level censorship of the Web. It uses an architecture that includes a proxy at the ISP level and uses connections to...

openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1)

Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. CVE-2010-1323, CVE-2010-1324,CVE-2010-4020 and CVE-2010-4021 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Ten Years Later, Rethinking Microsoft's Vuln Ratings

Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...

SuSE 10 Security Update : krb5 (ZYPP Patch Number 7243)

Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc';...

Microsoft Outlook Express And Windows Mail Common Library Integer Overflow Vulnerability

Description Microsoft Outlook Express and Windows Mail are prone to a remote integer-overflow vulnerability because the applications fail to perform boundary checks on integer values. Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the...

Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability

Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...

Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability

Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...