Design/Logic Flaw
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway ALG. Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with...
CVE-2017-2346 MS-MPC or MS-MIC crash when passing large fragmented traffic through an ALG
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway ALG. Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with...
Domain Name Permutation Engine: dnstwist
Domain Name Permutation Engine Domain name permutation engine for detecting typo squatting, phishing and corporate espionage See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters,...
Samba Vulnerability: Dancing Its Way to a Network Near You
Overview: Today, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in *NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared librar...
Juniper Networks Junos OS Input Validation Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A vulnerability exists in the IPv6 ND packet processing in Juniper Networks Junos OS versions 15.1 and 16.1 on th...
CVE-2017-3825
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint CE Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to...
CVE-2017-2340
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can...
Juniper Junos for M/MX Series Routers IPv6 Neighbor Discovery DoS (JSA10786)
According to its self-reported version and configuration, the remote Juniper Junos M/MX Series device is affected by a denial of service vulnerability in a Packet Forwarding Engine PFE when processing IPv6 neighbor discovery ND packets that originate from subscribers and are destined to M/MX seri...
CVE-2017-7457
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure...
Xxe
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure...
CVE-2017-7457
CVE-2017-7457 affects Moxa MX-AOPC Server 1.5 (MX-AOPC UA Server). The vulnerability is an XML External Entity (XXE) injection via ".AOP" files, leading to remote file disclosure. Root cause is improper handling of external entities in MX-AOPC Server file types. Public references in the connected...
mx-3.cz XSS vulnerability
Vulnerable URL: http://www.mx-3.cz/go.php?mode=print=en"';--=search.php=cartid2479192|
Details:
| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 22758774 |
| VIP website status: | No |
Check mx-3.cz...
Moxa MX AOPC-Server 1.5 - XML External Entity Injection
Credits: John Page AKA HYP3RLINX
Website: hyp3rlinx.altervista.org
Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
ISR: ApparitionSec
Vendor: www.moxa.com
Product: MX-AOPC UA SERVER - 1.5
Moxa's MX-AOPC...
Moxa MX-AOPC UA Server 1.5 XML Injection
Credits: John Page AKA HYP3RLINX
Website: hyp3rlinx.altervista.org
Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
ISR: ApparitionSec
Vendor: www.moxa.com
Product: MX-AOPC UA SERVER - 1.5
Moxa's MX-AOPC...
Moxa MX AOPC-Server v1.5 XML External Entity Exploit
Exploit for windows platform in category remote exploits
Credits: John Page AKA HYP3RLINX
Vendor: www.moxa.com
Product: MX-AOPC UA SERVER - 1.5
Moxa's MX-AOPC UA Suite is the first OPC UA server for industrial automation supporting both push and pull...
lanif.infotec.mx XSS vulnerability
Vulnerable URL: http://lanif.infotec.mx/swagenda/index.php?fecha=
Details:
| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |
| VIP website status: | No |
Check...
How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
When researching about MX records of slack.com, I noticed that they used a 3rd party email service. In that service, however slack.com was already claimed. After a little more research, I found that all the sub-domains of slack.com like teamname.slack.com also had MX set to the same service. Thes...
mx-3.cz XSS vulnerability
Vulnerable URL: http://mx-3.cz/go.php?page=home.htm"=en
Details:
| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 22104794 |
| VIP website status: | No |
| Check mx-3.cz SSL connection: | Grade: F... |