CVE-2018-6260

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector...

CVE-2018-17613

CVE-2018-17613 affects Telegram Desktop (tdesktop) 1.3.16 alpha. When “Use proxy” is enabled, it transmits credentials and application data in cleartext over the SOCKS5 protocol. The description does not provide exploit details, affected versions beyond 1.3.16 alpha, or any remediation in place w...

CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

CVE-2017-0602

An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions:...

[SECURITY] Fedora 23 Update: kf5-knewstuff-5.24.0-1.fc23

KDE Frameworks 5 Tier 3 module for downloading and sharing additional application data like plugins, themes, motives, etc...

Microsoft Windows Cipher Suites For FalseStart MiTM Vulnerability (3155527)

This host is missing a security update according to Microsoft Security Advisory 3155527 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'Java Secure Socket Extension JSSE SKIP-TLS MITM Proxy', 'Description' = %q This module exploits an incomplete...

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'OpenSSL Alternative Chains Certificate Forgery MITM Proxy', 'Description' = %q This module exploits a logic error ...

Vulnerability in OpenSSL - Invalid free in DTLS

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a...

Hogstorps Guestbook 2.0 Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18205/info Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. An attacker can exploit this issue to delete a...

EagleGet 1.1.8.1 - Denial of Service Exploit

No description provided by source. Exploit Title: EagleGet 1.1.8.1 DoS Exploit Date: 03 April 2014 Exploit Author: Interference Security Vendor Homepage: http://www.eagleget.com/ Software Link: http://www.eagleget.com/download/ Version: 1.1.8.1 Tested on: Microsoft Windows XP SP3 print Crash PoC...

EagleGet 1.1.8.1 - Denial of Service

EagleGet 1.1.8.1 - Denial of Service Exploit Title: EagleGet 1.1.8.1 DoS Exploit Date: 03 April 2014 Exploit Author: Interference Security Vendor Homepage: http://www.eagleget.com/ Software Link: http://www.eagleget.com/download/ Version: 1.1.8.1 Tested on: Microsoft Windows XP SP3 print " Crash...

Design/Logic Flaw

IBM WebSphere Application Server WAS 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users ...

SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities

SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/55347/info SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data. Attackers can...

CVE-2012-3368

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach...

PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload

PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to applicati...

phpCollab 2.5 - Direct Request Multiple Protected Page Access

phpCollab 2.5 - Direct Request Multiple Protected Page Access source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to...

Changing from a single-user to a multi-user installation on Windows (rev2) – Opera Security Advisories

Changing from a single-user to a multi-user installation on Windows rev2 – Opera Security Advisories OPCOM Team | January 5, 2012 If you received the error message “There was a problem initializing Opera Mail. Engine Init Failed”, it may mean that you have a stand-alone USB installation of Opera...

PYSEC-2011-2

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

INSECT Pro 2.7 - Penetration testing tool download

INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...