4422 matches found
VMWare Zimbra Mailer Release 8.6.0.GA Replay Attack
Hi @all, VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions with DKIM implementation are vulnerable to long-term Mail Replay attacks. If the expiration header is not set, the signature never expires. This means that the e-mail, perhaps caught while performing a man in the midd...
SEE - Sandboxed Execution Environment
Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments. The sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments...
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-36.fc23
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...
CVE-2015-7078
creationtimestamp | type | source
---|---|---
2016-01-28 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39370...
CVE-2016-0006
creationtimestamp | type | source
---|---|---
2016-01-25 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39311...
Apache Server ETag Header Information Disclosure
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid88098;...
java-1.8.0-openjdk security update
1:1.8.0.71-1.b15 - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves: rhbz1295751 1:1.8.0.71-0.b15 - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Update patch documentation using version originally...
Open Source Database Fuzzing: FuzzDB
FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It’s like an application security scanner, without the scanner. What’s in FuzzDB? Predictable Resource...
Network Protocol Fuzzing: boofuzz
Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being able to fuzz literally anything. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance...
CVE-2015-8635
creationtimestamp | type | source
---|---|---
2016-01-11 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39220...
Emerson ControlWave® Micro Quick Weak Password
Reference link: http://www.documentation.emersonprocess.com/groups/public/documents/usersguide/d301425x012.pdf...
B&B ELECTRONICS XR5i v2E/XR5i v2/XR5i/XR5i SL Weak Password
Reference link: http://www.cd.lucom.de/vpn-industrie-router/dokumentation/handbuch/xr5iv2e-guide.pdf...
B&B ELECTRONICS UR5i v2 Weak Password
Reference link: http://www.cd.lucom.de/vpn-industrie-router/dokumentation/handbuch/ur5iv2-guide.pdf...
HackerOne: Signals get affected once reports closed as self
According to your documentation "https://hackerone.com/blog/introducing-signal-and-impact" Examples Activity/Reputation: Report Self close as N/A: 0. It means Signals are not affected. But in our case signal is affected by self-closed reports. Signals doesn't take the 0 baseline into consideration for...
Scientific Linux Security Update : pcs on SL7.x x86_64 (20151119)
A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. CVE-2015-3225 The pcs package has been upgraded to upstream version 0.9.143, which provides a number of bug fixe...
CVE-2015-8422
creationtimestamp | type | source
---|---|---
2015-12-18 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39046...
CVE-2015-8352
creationtimestamp | type | source
---|---|---
2015-12-17 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39017...
CVE-2015-8729
creationtimestamp | type | source
---|---|---
2015-12-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39001...
CVE-2015-8731
creationtimestamp | type | source
---|---|---
2015-12-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38996...
CVE-2015-8740
creationtimestamp | type | source
---|---|---
2015-12-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39003...