Immunity Canvas: MS14_025
Name| ms14025
---|---
CVE| CVE-2014-1812
Exploit Pack| CANVAS
Description| ms14025
Notes| CVE Name: CVE-2014-1812 VENDOR: Microsoft Commandline: runmodule ms14-025 References: https://technet.microsoft.com/library/security/ms14-025 CVE Url:...
SSL/TLS: NNTP 'STARTTLS' Command Detection
Checks if the remote NNTP server supports SSL/TLS with the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SSL/TLS: LDAP 'Start TLS OID' Detection
Checks if the remote LDAP server supports SSL/TLS with the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SSL/TLS: XMPP 'STARTTLS' Extension Detection
Checks if the remote XMPP server/client supports SSL/TLS with the Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
SSL/TLS: IMAP 'STARTTLS' Command Detection
Checks if the remote IMAP server supports SSL/TLS with the Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
w3af Security Scanner
w3af is a vulnerability scanning product. Remote attackers can use w3af to detect vulnerabilities on a target server...
3Com Web Management Interface Default Credentials
The remote 3Com Web Management Interface uses a set of known, default credentials. Knowing these, an attacker can gain control of the device. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid73190;...
OpenVAS Security Scanner
OpenVAS is a vulnerability scanning product. Remote attackers can use OpenVAS to detect vulnerabilities on a target server...
CoinThief Bitcoin Trojan Found on Popular Download Sites
Phony Bitcoin ticker apps hosted on popular sites Download.com and MacUpdate.com are fronts for the OSX/CoinThief Trojan, which was built to steal Bitcoin wallet credentials and keys, and to date has drained a small number of accounts. SecureMac lead developer Nicholas Ptacek said new variants of...
Mac OSX Bitcoin Trojan malware Steals Wallet Credentials
A small number of Bitcoin wallets have been raided by a newly discovered Trojan that gobbles up credentials used to guard the digital currency. OSX/CoinThief.A was found in the wild by a security consultancy specializing in Apple security called SecureMac; the malware was spreading on GitHub via ...
Out-of-bounds
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error...
pidgin: Heap-based buffer overflow when parsing chunked HTTP responses
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data...
Patched Microsoft Office 365 XSS Vulnerability Disclosed
A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...
Narrative Authentication System an Alternative to Passwords
Remember the age of text-based gaming where natural language phrasing would help you maneuver a character through scenes in a virtual world? In a gaming context, that has long been a dinosaur, replaced by intricate and massive online role-playing games. But researchers from Carleton University in...
cpio: Arbitrary code execution
Background: GNU cpio copies files into or out of a cpio or tar archive. Description: Cpio contains a heap-based buffer overflow in the rmtread function in lib/rtapelib.c. Impact: A remote server could send more data than was requested, related to archive filenames that contain a : (colon) character...
SSL/TLS: Certificate Not Valid Yet
The remote server SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103956";...
CVE-2013-6628
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by...
Mednafen: Arbitrary code execution
Background: Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx emulator. Description: An unspecified vulnerability has been discovered in Mednafen when using network play. Impact: A remote server could execute arbitrary code with the privileges of the process. Workaround: There ...
davfs2 1.4.6 / 1.4.7 Privilege Escalation
davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034. Basically the program "mount.davfs"...
davfs2 1.4.6/1.4.7 - Local Privilege Escalation
davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034. Basically the program "mount.davfs"...