601 matches found
CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
Host Based Intrusion Detection System: Samhain
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...
nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
It was found that NSS accepted weak Diffie-Hellman Key exchange DHKE parameters. This could possibly lead to weak encryption being used in communication between the client and the server...
McKesson Pathways Homecare 6.5 Weak Username and Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are...
IBM Network Station Manager 2.0 R1 Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/900/info IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root priviliges on hosts running the NetStation daemon. NetStatio...
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
No description provided by source. =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product: Enterprise Messenger Server...
EasyCafe 2.1/2.2 Security Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19401/info EasyCafe is prone to a vulnerability that lets attackers bypass security restrictions. This issue occurs because the application fails to prevent an attacker from gaining unauthorized access to a client compute...
Mah-Jong 1.4 Client/Server Remote sscanf() Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8557/info A remote buffer overflow vulnerability when calling the sscanf function has been reported to affect the mah-jong game client and server programs. The issue occurs within seperate source files, however the code...
Network Audio System: Multiple vulnerabilities
Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...
X.Org X Server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could execute arbitrary...
[SECURITY] Fedora 20 Update: community-mysql-5.5.37-1.fc20
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC
===================================================================================== This POC code overwrite EIP with "CCCCCCCC" About KCS Key: That key is used to obfuscate traffic between client and server. The key is generated during SEPM installation. We need that key to talk with the SEPM...
SmartSniff - Capture TCP/IP packets on your network adapter
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode for text-based protocols, like HTTP...
[DNmap] Distributed Nmap Framwork
DNmap is a distributed nmap framwork using a client/server architecture. The server reads the commands from a file and send them to each client. The client execute the nmap command and send the results back. Download DNmap...
CVE-2014-1242
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...
ISC DHCP: Denial of service
Background ISC DHCP is a Dynamic Host Configuration Protocol DHCP client/server. Description ISC DHCP is vulnerable to a memory exhaustion attack involving regular expressions sent by DHCP clients. Impact A remote attacker could send a specially crafted request from a malicious or spoofed client,...
CVE-2013-6427
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing HPLIP 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream...
CVE-2013-6427
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing HPLIP 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream...
USN-2027-1: SPICE vulnerability
Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service...
[SECURITY] Fedora 20 Update: community-mysql-5.5.34-1.fc20
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...