Justniffer - Network TCP Packet Sniffer

Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. It lets you interactively trace tcp traffic from a live network o...

Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface UEFI. IBM System x, BladeCenter and Flex Systems UEFI has addressed the applicable CVEs. Vulnerability...

The vulnerability of the web interface of the Cisco Secure Access Control System allows a perpetrator to access confidential information.

The vulnerability of the Cisco Secure Access Control System’s web interface is related to incorrect processing of external XML entities when working with XML files. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

The vulnerability of the S3 protocol in the S3 Browser allows a hacker to view files and obtain NTLMv2 user hash values.

The vulnerability of the S3 Browser protocol based on HTTP is related to shortcomings in the restrictions on XML links to external objects. In this case, server responses are transmitted in XML format. Exploiting this vulnerability allows a malicious actor to remotely access files and obtain user...

The vulnerability of the Cisco Secure ACS access control system’s web interface allows a perpetrator to gain access to confidential information.

The vulnerability in the Cisco Secure ACS access control system’s web interface is related to improper processing of external XML entities when working with XML files. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

A Framework for Secure and Scalable Network Traffic Analysis: Netcap

The Netcap NETwork CAPture framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored on disk or exchanged over the network, and are well suited as a data...

XML External Entity Reference in c3p0:c3p0

c3p0 allows XXE during initialization...

PT-2019-6341 · D Link · D-Link Dir-818Lw +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-818LW Rev.A version 2.05.B03 D-Link DIR-822 B1 version 202KRb06 Description: The issue affects the /HNAP1/SetRouterSettings message, where the RemotePort parameter is vulnerable. This vulnerability can be exploited by sending a...

XSLT CMS Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in XSLT CMS, a content management system CMS written in PHP and based on XML and XSL transformations. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the title field of the create/?action=items.edit&type=Page...

The vulnerability of the Python programming package, related to errors in resource release, allows a perpetrator to trigger a service failure.

The vulnerability of the Python programming package is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted XML document...

The vulnerability in the web interface of the Cisco Energy Management Suite, related to incorrect restrictions on XML references to external objects (XXE), allows an attacker to disclose or modify sensitive information.

The vulnerability in the web interface of the Cisco Energy Management Suite relates to incorrect restrictions on XML references to external objects XXE. Exploiting this vulnerability could allow an attacker to disclose or modify sensitive information...

The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in Cisco router microsoftware of the Small Business 100 Series and Small Business 300 Series models allows a hacker to disclose protected information.

The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in Cisco router software of the Small Business 100 Series and Small Business 300 Series models arises due to errors in the EAPOL message processing mechanism during Wi-Fi connection establishment. Exploiting...

No-Cms 1.0 - order_by SQL Injection

No-Cms 1.0 - orderby SQL Injection Exploit Title: No-Cms 1.0 - 'orderby' SQL Injection Date: 2018-11-28 Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali Lin...

No-Cms 1.0 - order_by SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: No-Cms 1.0 - 'orderby' SQL Injection Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali...

The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in microprogrammable routering software from Cisco’s Small Business 100 Series and Cisco Small Business 300 Series allows a perpetrator to induce a service failure.

The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in microprogramming-based router software from Cisco’s Small Business 100 Series and Cisco Small Business 300 Series models is related to errors in processing EAPOL frames. Exploiting this vulnerability allo...

[SECURITY] Fedora 28 Update: ruby-2.5.3-94.fc28

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

Security Analysis Toolkit for Proprietary Car Protocols: CANalyzat0r

While car manufacturers steadily refine and advance vehicle systems, requirements of the underlying networks increase even further. Striving for smart cars, a fast-growing amount of components are interconnected within a single car. This results in specialized and often proprietary car protocols...

USN-3810-1 ppp vulnerability

Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication...

wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

The vulnerability of the PI Studio XML development tool analyzer arises from incorrect restrictions on XML references to external objects, allowing attackers to disclose protected information.

The vulnerability of the PI Studio XML analysis tool arises from an incorrect limitation on XML references to external objects. Operating this tool may allow a malicious actor to disclose protected information...