CVE-2017-5189

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application JAR file for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance...

CVE-2017-5189

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application JAR file for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance...

CVE-2017-5189

CVE-2017-5189 affects NetIQ iManager prior to 3.0.3, where a SSL private key was embedded in a Java application (JAR) used to authenticate to the Sentinel appliance. This flaw enables an attacker to extract the private key and establish their own connections to Sentinel. The available sources des...

CVE-2018-2629

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)

A cross-platform java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios SDR. Getting Started User's Manual Version 0.3.0 Download Support Figure 1: sdrtrunk Version 0.3.0 Application Screenshot End User...

Software Defined Radio Trunked and Digital Radio Decoder: SDRtrunk

SDRtrunk is an integrated application for demodulating radio signals and decoding trunked radio network protocols and some related radio signal formats. The application does NOT require a discriminator tapped scanner and it does NOT require the use of audio piping applications like Virtual Audio...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

Apache Solr 5.x < 5.5.5 / 6.x < 6.6.2 / 7.x < 7.1.0 Multiple Vulnerabilities

The version of Apache Solr running on the remote web server is affected by multiple vulnerabilities as referenced in the advisory. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104353; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

Exploit Pack - Penetration Testing Framework

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what's really important. The threat. This blend of software engineers and subject matter experts provides an unique advantage by combining...

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure

Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and technologies that help customers worldwide print, secure and manage information with ease, efficiency and unmatched value...

CVE-2017-12637

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657...

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3366-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3366-1 advisory. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

CVE-2017-3544

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution

I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...