PT-2014-4430 · Imapsync · Imapsync
Name of the Vulnerable Software and Affected Versions: imapsync versions prior to 1.584 Description: The issue allows remote attackers to obtain credentials by sniffing the network when a certificate verification failure occurs. This happens because imapsync attempts a cleartext login when runnin...
CentOS Update for openssl CESA-2014:0015 centos6
Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2014:0015 centos6 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
DEBIAN-CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake...
openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client...
TYPO3 File Abstraction Layer Multiple Vulnerabilities
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...
DEBIAN-CVE-2013-4550
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a...
Fedora Update for mod_nss FEDORA-2013-22787
Check for the Version of mod_nss OpenVAS Vulnerability Test Fedora Update for mod_nss FEDORA-2013-22787 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for mod_nss FEDORA-2013-22786
Check for the Version of mod_nss OpenVAS Vulnerability Test Fedora Update for mod_nss FEDORA-2013-22786 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[SECURITY] Fedora 19 Update: mod_nss-1.0.8-27.fc19
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library...
DEBIAN-CVE-2011-4971
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet...
[SECURITY] Fedora 18 Update: php-symfony2-BrowserKit-2.2.10-1.fc18
BrowserKit simulates the behavior of a web browser. The component only provides an abstract client and does not provide any "default" back-end for the HTTP layer...
[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.10-1.fc18
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables ($_GET, $_POST, $_FILE, $_COOKIE, $_SESSION...) and the response is generated by some functions (echo, header, setcookie, ...). The Symfony2 HttpFoundation...
Jumbotcms 6.x: bypassing back-end authentication by injection
Jumbotcms is a widely used open-source .NET CMS program. It uses Microsoft's recommended multi-layer security architecture and its safety coefficient is high. The problem appears mainly in the newly modified permission authentication and in injection. By injection to ge...
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
Overview: KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A man-in-the-mindd...
python: hostname check bypassing vulnerability in SSL module
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
[Tundeep v0.2a] Layer 2 VPN/Injection tool
Tundeep is a layer 2 VPN/injection tool that resides almost entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...
Eclipse.org SQL Injection
Vulnerability: Eclipse.org Error Based SQL Injection Authors: Shahmeer Amir And Rafay Baloch Company: RHA INFOSEC Website: http://services.rafayhackingarticles.net Url...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security (DTLS) function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service (DoS) condition...
DEBIAN-CVE-2013-4476
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
[SECURITY] Fedora 20 Update: libuv-0.10.18-1.fc20
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library...