[Zarp v0.1.2] The Python Network Attack Tool

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once,...

Malware threat to Opera users, Trojan signed with a stolen certificate

On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. "On June 19th we uncovered, halted and contained a targeted attack on our internal...

Reputation.com Notifies Customers of Network Attack

A company known for burying bad information to improve its customers’ online images let everyone know this week its network was hacked. Reputation.com sent e-mails to thousands of customers in more than 100 countries to let them know of the attack. In a message sent earlier this week, the company...

CVE-2012-3886

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a 1 brute-force attack or 2 rainbow-table attack...

EasyVista single sign-on authentication bypass vulnerability

Overview EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature. Description EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature that does not use encoded values. If an attacker can obtain the login names for...

Print of one malicious document can expose your whole LAN

Print of one malicious document can expose your whole LAN This year at Chaos Communications Congress 28C3 Ang Cui presents Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers and In Andrei Costin's presentation...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whic...

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.0 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1162-1)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. CVE-2010-4243 Alexander Duyck discovered that the Intel Gigabit Ethernet driver...

Report: L3 Warns Employees Of Attacks Using Compromised SecurID Tokens

Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SECURID tokens from RSA. The report, if accurate would be the second attack on a leading defense contractor with links back to...

Gadu-Gadu 10.5 - Remote Code Execution

Gadu-Gadu 10.5 - Remote Code Execution source: https://www.securityfocus.com/bid/48030/info Gadu-Gadu is prone to a remote code-execution vulnerability. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application. Gadu-Gadu 10.5 is...

The Decline and Fall of Slammer?

Me and Slammer Helkern go back a long way… to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a mont...

[SECURITY] [DSA 2161-1] OpenJDK security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2161-1 [email protected] http://www.debian.org/security/ Florian Weimer February 13, 2011 http://www.debian.org/security/faq -...

DSA-2161-1 openjdk-6 - denial of service

Bulletin has no description...

CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to condu...

Sync Breeze Server 2.2.30 Buffer Overflow

!/usr/bin/python Exploit Title: Sync Breeze Server v2.2.30 Remote BOF Exploit Date: 10/10/2010 Author: Xsploited Security aka xsploitedsec URL: http://www.x-sploited.com/ Contact: xsploitedsecurity at x-sploited.com Software Link: http://www.syncbreeze.com/setups/syncbreezesrvsetupv2.2.30.exe...

SAP RFC SDK — Format String

Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Hello Assurent & Oracle, On Tue, 13 Jan 2009, [email protected] wrote: : Oracle BEA WebLogic Server Apache Connector Buffer Overflow : : Reference: http://www.bea.com/weblogic/server/ : : 2. Vulnerability Summary : : A remotely exploitable vulnerability has been discovered in t...

No Ding for? Teach you interdiction the latest Office vulnerability-vulnerability warning-the black bar safety net

Friends in a 3D training computer training company when the network management internship, a temporary home for a few days, find me instead of his work for a few days. This company belongs to the medium scale, through a router to form the LAN, probably a 2 0 0 more than one PC, 10M fiber access,...

Apple Mac OS X防火墙误导性配置漏洞

BUGTRAQ ID: 26461 CVECAN ID: CVE-2007-4702 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的应用防火墙设置存在误导性的功能描述，可能由于错误的安全认识导致信息泄露。 Mac OS X的应用防火墙的“阻断所有入站连接”设置允许任何以root用户权限（UID 0）运行的进程接收入站连接，也允许mDNSResponder接收连接，这可能导致非预期的暴露网络服务，远程攻击者可以破坏防火墙的安全策略执行某些网络攻击。 Apple Mac OS X 10.5 Apple MacOS X Server 10.5...