Microsoft Windows CSRSS Security Feature Bypass Vulnerability

The Client-Server Run-time Subsystem CSRSS in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application...

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY, related to the transmission of data in an open format, allows attackers to perform spoofing attacks.

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in the transmission of data in an open manner. Exploiting this vulnerability can allow attackers to carry out spoofing attacks...

Microsoft Patch Tuesday March 2022

Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022. Alternative video link for Russia: I do the analysis a...

Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Article Journal: https://www.researchgate.net/publication/373214...

What is XMPP ❓ — Extensible Messaging & Presence Protocol

What is XMPP ❓ — Extensible Messaging & Presence Protocol Introduction In the early 2000s, when the idea of chat applications was shaping, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...

Siemens SINUMERIK 信任管理问题漏洞

Siemens SINUMERIK Edge is a combination of hardware and software that provides a machine-oriented system platform for applications that facilitate digital production support and optimization.SINUMERIK Edge Certificate Improper Validation VulnerabilityAffected software does not properly validate...

nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)

A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...

AirStrike - Automatically Grab And Crack WPA-2 Handshakes With Distributed Client-Server Architecture

Tool that automates cracking of WPA-2 Wi-Fi credentials using client-server architecture Requirements Airstrike uses Hashcat Brain Architecture, aircrack-ng suite, entr utility and some helper scripts. You can use install.sh script to download all dependencies if you're on system which has an...

nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)

A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...

What is Graphql ❓ Definition with Example

Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...

Design/Logic Flaw

SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client...

Telegram 加密问题漏洞

Telegram is an instant messaging mobile application. Telegram suffers from a security vulnerability that stems from a vulnerability that can be exploited by an attacker to cause the server to receive messages in a different order than the client sends them...

UBUNTU-CVE-2021-36082

ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello...

libX11 Insufficient Length Check / Injection

Hello list, A missing length check in libX11 causes data from LookupColor requests mess up the client-server communication protocol and inject malicious X server requests. The flaw is comparable to SQLi injecting commands into database connections granting an attacker access to all features of th...

[SECURITY] Fedora 34 Update: mariadb-10.5.10-1.fc34

MariaDB is a community developed fork from MySQL - a multi-user, multi-thre aded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

[SECURITY] Fedora 34 Update: community-mysql-8.0.24-1.fc34

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

[SECURITY] Fedora 32 Update: community-mysql-8.0.24-1.fc32

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...

[SECURITY] Fedora 34 Update: openssh-8.5p1-2.fc34

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...