220 matches found
ALPINE-CVE-2017-6474
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes...
DEBIAN-CVE-2017-6473
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets...
DEBIAN-CVE-2017-6468
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records...
ALPINE-CVE-2017-6473
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets...
UBUNTU-CVE-2017-5596
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow...
Check Out My TeePublic Designs
Over the years fans of this blog have asked if I would consider selling merchandise with the TaoSecurity logo. When I taught classes for TaoSecurity from 2005-2007 I designed T-shirts for my students and provided them as part of the registration package. This weekend I decided to exercise my...
Sniffles - Packet Capture Generator for IDS and Regular Expression Evaluation
Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular expressions or rules and randomly chooses one regular expression or rule. It then generates...
Skydive - An Open Source Real-Time Network Topology and Protocols Analyzer
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. Al...
Open Source Real Time Network Analyzer: skydive
Open Source Real Time Network Topology and Protocols Analyzer Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flow...
MS Virtual Machine 2000/3100/3200/3300 Series com.ms.activeX.ActiveXComponent Arbitrary Program Execution
No description provided by source. source: http://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsof...
[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)
The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...
WebCookiesSniffer - New cookies sniffer/viewer utility
WebCookiesSniffer - New cookies sniffer/viewer utility WebCookiesSniffer is a new packet sniffer utility that captures all web site cookies sent between the web browser and the web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string...
wireshark: heap-based buffer overflow in wireshark < 1.2 when reading malformed capture files
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted capture file...
Security fix for the ALT Linux 9 package wireshark version 0.99.7-alt1
Dec. 23, 2007 Sir Raorn 0.99.7-alt1 - 0.99.7 + CVE-2007-6451 + CVE-2007-6450 + CVE-2007-6441 + CVE-2007-6439 + CVE-2007-6438 + CVE-2007-6121 + CVE-2007-6120 + CVE-2007-6119 + CVE-2007-6118 + CVE-2007-6117 + CVE-2007-6116 + CVE-2007-6115 + CVE-2007-6114 + CVE-2007-6113 + CVE-2007-6112 +...
aolXSS.txt
Title: AOL Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Discovered: 26 December 2005 Published: 7 January 2006 MorX Security Research Team http://www.morx.org Service: Web Vendor: AOL.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity:...
Kismet: Multiple vulnerabilities
Background Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system. Description Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Impact With a specially crafted packet an attacker...
GLSA-200508-10 : Kismet: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-10 Kismet: Multiple vulnerabilities Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Impact : With a specially crafted packet an attacker could...
security flaw
Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures...
security flaw
Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures...
DEBIAN-CVE-2003-0542
Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures...