
89 matches found

OSV | added 2020/01/06 9:15 p.m. | 0 views

UBUNTU-CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST...

CVSS 7.5 | AI score 5.8 | EPSS 0.01708 | Exploits 0 | References 6

OSV | added 2020/01/06 6:15 p.m. | 0 views

UBUNTU-CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet containing the data will be ignored by...

CVSS 9.1 | AI score 7.3 | EPSS 0.02521 | Exploits 1 | References 6

CNVD | added 2019/07/12 12:0 a.m. | 1 view

Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24214)

Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by passing a malicious...

CVSS 7.8 | AI score 7.9 | EPSS 0.00808 | Exploits 1 | References 1

CNVD | added 2019/07/12 12:0 a.m. | 1 view

Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24217)

Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by creating a malicious libra...

CVSS 7.8 | AI score 8.2 | EPSS 0.00907 | Exploits 1 | References 1

OSV | added 2019/05/16 2:29 a.m. | 3 views

CVE-2019-1853

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker...

CVSS 7.5 | AI score 6.7 | EPSS 0.01563 | Exploits 0 | References 2

OSV | added 2018/09/04 3:29 p.m. | 0 views

UBUNTU-CVE-2018-10924

It was discovered that fsync2 system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine...

CVSS 6.5 | AI score 6.8 | EPSS 0.01881 | Exploits 0 | References 6

OSV | added 2017/12/19 3:29 p.m. | 2 views

CVE-2017-15049

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler...

CVSS 8.8 | AI score 6.1 | Exploits 0 | References 4

exploitpack | added 2017/12/18 12:0 a.m. | 77 views

Zoom Linux Client 2.0.106600.0904 - Command Injection

Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...

CVSS 9.3 | AI score 9.1 | EPSS 0.17048 | Exploits 5

Exploit DB | added 2017/12/18 12:0 a.m. | 79 views

Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)

CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...

CVSS 8.8 | AI score 8.8 | EPSS 0.10163 | Exploits 5

Packet Storm | added 2017/12/17 12:0 a.m. | 86 views

Zoom Linux Client 2.0.106600.0904 Buffer Overflow

CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...

AI score 8.8 | EPSS 0.10163 | Exploits 5

Packet Storm | added 2017/12/17 12:0 a.m. | 93 views

Zoom Linux Client 2.0.106600.0904 Command Injection

CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904 zoomamd64.deb...

AI score 8.8 | EPSS 0.17048 | Exploits 5

0day.today | added 2017/12/17 12:0 a.m. | 77 views

Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability

The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler zoommtg:// and this makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is...

CVSS 9.3 | AI score 8.9 | EPSS 0.17048 | Exploits 5

CNVD | added 2017/05/31 12:0 a.m. | 2 views

Fortinet FortiClient SSL_VPN for Linux Remote Code Execution Vulnerability

Fortinet FortiClient SSLVPN for Linux is a Linux-based VPN client for connecting to Fortinet devices. A remote code execution vulnerability exists in Fortinet FortiClient SSLVPN for Linux. An attacker can exploit this vulnerability to overwrite arbitrary files with FortiClient log files...

AI score 8.1 | Exploits 0 | References 1

CNVD | added 2015/07/30 12:0 a.m. | 1 view

Fortinet FortiClient SSLVPN Linux Client Local Privilege Vulnerability

Fortinet FortiClient is a Fortinet security software solution for endpoints that provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication, etc. FortiClient SSLVPN Linux client is a Linux client software for SSL VPN Virtual Private Network products...

AI score 6.8 | Exploits 0 | References 1

seebug.org | added 2014/07/01 12:0 a.m. | 12 views

Nortel SSL VPN Linux Client <= 6.0.3 - Local Privilege Escalation Exploit

No description provided by source. #!/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart [email protected] The Linux client that is utilized by versions prior to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged local user to...

AI score 7.1 | Exploits 0

Kitploit | added 2014/06/09 1:26 p.m. | 12 views

Snoopy - A distributed tracking and data interception framework

Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...

AI score 7.7 | Exploits 0 | References 1

securityvulns | added 2012/02/22 12:0 a.m. | 29 views

Skype v5.6.59.x - Memory Corruption Vulnerability

Title: ====== Skype v5.6.59.x - Memory Corruption Vulnerability Date: ===== 2012-02-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=315 VL-ID: ===== 315 Introduction: ============= Skype is a software application that allows users to make voice and video calls and...

Exploits 0

OpenVAS | added 2010/10/26 12:0 a.m. | 19 views

Fedora Update for ocsinventory-agent FEDORA-2010-16334

Check for the Version of ocsinventory-agent OpenVAS Vulnerability Test Fedora Update for ocsinventory-agent FEDORA-2010-16334 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 7.2 | AI score 6.4 | EPSS 0.00374 | Exploits 1 | References 2

Fedora | added 2010/10/22 6:5 p.m. | 17 views

[SECURITY] Fedora 13 Update: ocsinventory-agent-1.1.2.1-1.fc13

Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of computer configuration and software installed on the network. It also allows deploying softwares, commands or files on Windows and Linux client computers...

CVSS 7.2 | AI score 3.2 | EPSS 0.00374 | Exploits 1

ATTACKERKB | added 2010/10/14 5:52 a.m. | 1 view

CVE-2009-5007

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files...

CVSS 3.3 | AI score 5.6 | EPSS 0.00337 | Exploits 0 | References 3