25 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2022-30256

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00064 EPSS
Exploits 0, References 1
Packet Storm News
added 2025/05/21 12:00 a.m., 2 views

Versatile Quantum-Safe Hybrid Key Exchange and Its Application to MACsec

Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed. Fortunately, cryptographic building blocks to mitigate the threat are already available; mostly based on post-quantum and quantum cryptography, but also on symmetric cryptography techniques...

6.7 AI score
Exploits 0
ICS
added 2023/10/12 6:00 a.m., 24 views

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC-F Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote...

9.1 CVSS, 9.4 AI score, 0.00232 EPSS
Exploits 0, References 8
CNNVD
added 2023/09/21 12:00 a.m., 2 views

D-Link DIR-823G Buffer Error Vulnerability

The D-Link DIR-823G is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-823G v1.0.2B05, in which the parameters TXPower and GuardInt were found to contain a stack overflow via SetWLanRadioSecurity...

9.8 CVSS, 7.2 AI score, 0.02539 EPSS
Exploits 1, References 3
Tenable Nessus
added 2023/06/30 12:00 a.m., 21 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)

Weak Password Requirements vulnerability in the FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access the module via FTP by dictionary attack or passwo...

7.5 CVSS, 7.8 AI score, 0.00359 EPSS
Exploits 0, References 4
CVE
added 2022/09/26 10:07 a.m., 61 views

CVE-2022-36159

The CVE-2022-36159 issue affects Contec FXA3200 firmware version 1.13 and earlier, where a hard-coded root password stored in /etc/shadow is weak and crackable. An attacker with adjacent access could use this credential to reach the Wireless LAN Manager interface, enable Telnet, sniff traffic, or...

8.8 CVSS, 8.8 AI score, 0.00281 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2022/08/29 6:15 p.m., 12 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used to scan private network for...

2.7 CVSS, 0.0023 EPSS
Exploits 2, References 1
NVD
added 2021/01/15 6:15 p.m., 8 views

CVE-2021-0203

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), a Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicas...

8.6 CVSS, 8.6 AI score, 0.00389 EPSS
Exploits 0, References 1
Cvelist
added 2021/01/15 5:35 p.m., 12 views

CVE-2021-0203 Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), a Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicas...

8.6 CVSS, 8.7 AI score, 0.00389 EPSS
Exploits 0, References 1
ICS
added 2020/11/19 12:00 a.m., 68 views

Mitsubishi Electric MELSEC iQ-R Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R series Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-324-05...

7.8 CVSS, 7.6 AI score, 0.03119 EPSS
Exploits 0, References 4
Japan Vulnerability Notes
added 2020/11/12 12:00 a.m., 41 views

JVN#44764844: MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, if "To Use or Not to Use Web Server Settings" in the parameters of the CPU modules is set to "Not Use", this issue does no...

7.5 CVSS, 7.5 AI score, 0.18403 EPSS
Exploits 0
IBM Security Bulletins
added 2018/06/15 7:00 a.m., 15 views

Security Bulletin: SSL/TLS side channel timing vulnerability on WebSphere DataPower (CVE-2014-0852)

Summary DataPower appliances might be subject to side channel timing based attacks. Vulnerability Details CVE ID: CVE-2014-0852 DESCRIPTION: DataPower appliances might be subject to side channel timing based attacks resulting in the decryption of an SSL/TLS secured transaction. The attack can onl...

4.3 CVSS, 1.4 AI score, 0.00408 EPSS
Exploits 0, Affected Software 1
Japan Vulnerability Notes
added 2017/11/22 4:51 a.m., 1 views

PWR-Q200 vulnerable to DNS cache poisoning attacks

Overview PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Toshifumi Sakaguchi reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.5 CVSS, 6.6 AI score, 0.00621 EPSS
Exploits 0, References 5
n0where
added 2017/06/19 5:53 p.m., 25 views

ARP Firewall: SCUTUM

SCUTUM is an ARP firewall that prevents your computer from being arp spoofed. Scutum controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, people with malicious intentions cannot spoof your arp table. Scutum also prevents other people from detecting your...

0.4 AI score
Exploits 0, References 1
Fedora
added 2017/06/09 8:25 p.m., 14 views

[SECURITY] Fedora 26 Update: ettercap-0.8.2-8.20170306git60aca9.fc26

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols, even ciphered ones, and includes many features for network and host analys...

9.8 CVSS, 1.3 AI score, 0.00347 EPSS
Exploits 1
Fedora
added 2015/12/19 6:32 p.m., 11 views

[SECURITY] Fedora 23 Update: xsupplicant-2.2.0-13.fc23

This software allows a GNU/Linux or BSD workstation to authenticate with a RADIUS server using 802.1x and various EAP protocols. The intended use is for computers with wireless LAN connections to complete a strong authentication before joining the network...

4.2 AI score
Exploits 0
0day.today
added 2014/02/17 12:00 a.m., 26 views

Linksys E-series Unauthenticated Remote Code Execution Exploit

Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm. !/usr/bin/php ?php / Exploit for 0day linksys unauthenticated remote code execution vulnerability. Currently only working over the LAN. I think there may be an...

7.4 AI score
Exploits 0
n0where
added 2013/01/31 10:55 p.m., 36 views

Multipurpose Sniffer: Ettercap

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems...

7.6 AI score
Exploits 0, References 1
Nmap
added 2011/12/18 9:33 a.m., 96 views

broadcast-pc-anywhere NSE Script

Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN. Script Arguments broadcast-pc-anywhere.timeout specifies the amount of seconds to sniff the network interface. default varies according to timing. -T3 = 5s Example Usage nmap --script broadcast-pc-anywhere Script Outp...

10 CVSS, 9.3 AI score, 0.94176 EPSS
Exploits 33
myhack58
added 2008/10/23 12:00 a.m., 68 views

New web-trojan planting method: ARP spoofing trojan planting on the local area network (vulnerability warning, the black bar safety net)

The hardest part of planting web trojans is propagation: small websites are easy to compromise but have few visitors, so the number of compromised machines harvested is also small. As a result, a new planting method has become popular: ARP spoofing trojan planting on a local area network, as long as the local area netwo...

7.1 AI score
Exploits 0