EUVD-2019-2640

Malware in sbrugna...

CVE-2025-27457 CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c...

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

CVE-2023-25946

Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...

Authentication flaw

Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...

CVE-2023-25946

Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...

CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Using Metasploit/NetRipper sniffing encrypted puTTY/Outlook account-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015819145144782.jpg This year,the 2 3 annual Defcon conference in the USA Las Vegas Grand opening,and NetRipper it is in the current Defcon General Assembly for the first time available. NetRipper is a tool for Windows operating system vulnerabilities using the tool,i...

OpenSSL Heartbleed 漏洞 (心脏出血)

OpenSSL“心脏出血”漏洞是一个非常严重的问题。这个漏洞使攻击者能够从内存中读取多达64 KB的数据。一些安全研究员表示：无需任何特权信息或身份验证，我们就可以从我们自己的（测试机上）偷来X.509证书的私钥、用户名与密码、聊天工具的消息、电子邮件以及重要的商业文档和通信等数据。这一切是如何发生的呢？让我们一起从代码中一探究竟吧。0x01 Bug请看ssl/dlboth.c，漏洞的补丁从这行语句开始：int dtls1processheartbeatSSL s unsigned char p = &s-s3-rrec.data0, pl; unsigned short hbtype;...

Stellar Wind Surveillance program under Obama administration

According to secret documents obtained by the Guardian, Obama administration permitted the National Security Agency to surveillance the Emails and Internet metadata of all Americans. This secret warrant less surveillance program, collectively known by the NSA code name Stellar Wind, was launched ...

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...