7687 matches found

OpenVAS
added 2016/11/04 12:0 a.m., 21 views

RedHat Update for wget RHSA-2016:2587-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.8, EPSS 0.45935
Exploits: 8, References: 2

Tenable Nessus
added 2016/11/04 12:0 a.m., 39 views

RHEL 7 : wget (RHSA-2016:2587)

An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8, AI score 7.2, EPSS 0.45935
Exploits: 8, References: 3

RedHat Linux
added 2016/11/03 8:9 a.m., 49 views

Moderate: Red Hat Security Advisory: wget security and bug fix update

An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8, AI score 7, EPSS 0.45935
Exploits: 8, References: 4

Metasploit
added 2016/11/02 4:44 p.m., 18 views

Architecture-Independent Meterpreter Stage, Reverse HTTPS Stager (Multiple Architectures)

Handle Meterpreter sessions regardless of the target arch/platform. Tunnel communication over HTTPS This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 0 include Msf::Payload::Stager...

AI score 0.8
Exploits: 0

RedHat Linux
added 2016/11/02 11:6 a.m., 5 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

CVSS 5.9, AI score 7.2, EPSS 0.03937
Exploits: 0, References: 5

Tenable Nessus
added 2016/11/01 12:0 a.m., 4237 views

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is, therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerabilit...

CVSS 7.5, AI score 7.1, EPSS 0.95707
Exploits: 7, References: 4

Prion
added 2016/10/27 9:59 p.m., 13 views

Design/Logic Flaw

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker...

CVSS 7.1, AI score 7, EPSS 0.02542
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2016/10/27 9:0 p.m., 66 views

CVE-2016-6431

Cisco ASA Software before 9.6(1.5) is affected in the local Certificate Authority (CA) enrollment feature. A crafted HTTPS enrollment request to the ASA interface (where local CA allows user enrollment) can be exploited by an unauthenticated remote attacker to cause a reload of the device. Affect...

CVSS 7.5, AI score 7.5, EPSS 0.02542
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2016/10/27 9:0 p.m., 31 views

CVE-2016-6431

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker...

AI score 7.5, EPSS 0.02542
Exploits: 0, References: 3

Metasploit
added 2016/10/26 10:43 a.m., 29 views

Windows Meterpreter Shell, Reverse HTTPS Inline (x64)

Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 204892 include Msf::Payload::TransportConf...

AI score 7.3
Exploits: 0

CERT
added 2016/10/25 12:0 a.m., 43 views

Zizai Tech Nut contains multiple vulnerabilities

Overview: Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description: CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547. The Nut mobile app stores the account password used to authenticate to the cloud API in...

CVSS 9.8, AI score 6.8, EPSS 0.03707
Exploits: 3, References: 2

seebug.org
added 2016/10/25 12:0 a.m., 56 views

AVTECH video surveillance equipment authentication bypass and other vulnerabilities

Authentication bypass vulnerability There are two ways to achieve authentication bypass: The first one is. cab way, the cab file format is a video player plug-in, stored in the web root directory, it may need to verify directly be accessed and downloaded, and the device end only through the strst...

AI score 7.3
Exploits: 0

RedhatCVE
added 2016/10/24 8:17 a.m., 37 views

CVE-2016-7152

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...

CVSS 5.3, AI score 3.3, EPSS 0.13983
Exploits: 0, References: 2

Tenable Nessus
added 2016/10/21 12:0 a.m., 73 views

MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.34. It is, therefore, affected by multiple vulnerabilities: - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An...

CVSS 10, AI score 8, EPSS 0.95707
Exploits: 27, References: 26

OpenVAS
added 2016/10/20 12:0 a.m., 39 views

RedHat Update for java-1.8.0-openjdk RHSA-2016:2079-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.6, AI score 7.2, EPSS 0.05437
Exploits: 0, References: 2

0day.today
added 2016/10/20 12:0 a.m., 26 views

WineBottler 1.8-rc4 Man-In-The-Middle / Code Execution Vulnerability

WineBottler versions 1.8-rc4 and below suffer from a man-in-the-middle vulnerability that can allow for remote code execution. Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles Metadata =================================================== Release Date: 17-10-2016...

AI score 0.4
Exploits: 0

Cisco
added 2016/10/19 4:0 p.m., 23 views

Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit...

CVSS 7.1, AI score 7.5, EPSS 0.02542
Exploits: 0, References: 1

Positive Technologies
added 2016/10/19 12:0 a.m., 4 views

PT-2016-6905 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions prior to 9.6(1.5). Description: A vulnerability in the local Certificate Authority (CA) feature could allow an unauthenticated, remote attacker to cause a reload of the affected system. The issue is due to improper...

CVSS 7.5, AI score 7.4, EPSS 0.02542
Exploits: 0, References: 6

RedhatCVE
added 2016/10/18 8:18 p.m., 59 views

CVE-2016-5597

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

CVSS 5.9, AI score 0.9, EPSS 0.03937
Exploits: 0, References: 2

Openbugbounty
added 2016/10/07 1:32 a.m., 9 views

nazwa.pl XSS vulnerability

Vulnerable URL: https://www.nazwa.pl/vps/ Details: Description| Value ---|--- Patched:| Yes, at 01.11.2016 Latest check for patch:| 01.11.2016 03:04 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 7715 VIP website status:| Yes Check nazwa.pl SSL connection:|...

AI score 6.2
Exploits: 0