344 matches found
TLS response timings can indicate network contents
When Opera receives incorrectly encrypted network data, it detects this and lets the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network can, by replacing network data, measure...
[SECURITY] Fedora 16 Update: bacula-5.0.3-33.fc16
Bacula is a set of programs that allow you to manage the backup, recovery, and verification of computer data across a network of different computers. It is based on a client/server architecture and is efficient and relatively easy to use, while offering many advanced storage management features...
DARPA Seeking Help With Targeted Attack Analysis
The networks of government agencies and the military are under constant attack from a variety of sources, and the U.S., like most other countries, relies on those networks to not just run daily operations, but to support missions around the world. In the face of those attacks, the Department of...
CVE-2012-0681
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network...
SAP Crystal Reports buffer overflow
Buffer overflow on network data parsing...
Fedora Update for bacula FEDORA-2012-10929
Check for the Version of bacula. OpenVAS Vulnerability Test: Fedora Update for bacula FEDORA-2012-10929. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
How Facebook and Facial Recognition Are Creating a Minority Report-Style Privacy Meltdown
Researchers at the annual Black Hat Briefings in Las Vegas have demonstrated how cloud computing, facial recognition technology, Facebook, and freely available personal information can be used to match faces in a crowd to detailed online profiles. The demonstration brings us closer to the brink of ...
Heap Offset Overflow in Citrix ICA Clients
===============================ADVISORY=============================== Systems Affected: Citrix ICA Client Severity: High Category: Heap Offset Overflow Author: Context Information Security Ltd Reported to vendor: 20th February 2008 Advisory Issued: 4th August 2010...
Microsoft Outlook Express and Windows Mail Integer Overflow (MS10-030; CVE-2010-0816)
Windows Mail (formerly Outlook Express) is an online communication tool for use with Windows. A remote code execution vulnerability has been reported in the way that Windows Mail Client handles specially crafted mail responses. The vulnerability is caused when a common library used by Outlook Expre...
Microsoft Windows Outlook Express and Windows Mail Integer Overflow
No description provided by source. Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis...
{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow
Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis Provencher Protek Research Lab's Website:...
Microsoft DirectPlay Denial of Service (CVE-2004-0202)
DirectPlay is a network protocol component of the DirectX game library. It provides networking functionality for developers who wish to develop networked applications, generally multi-player games. There exists a denial of service vulnerability in the IDirectPlay4 application programming interfac...
Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities
Omni-NFS is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer. The issues affect both server and client. Exploiting these issues allows...
Design/Logic Flaw
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network...
Mandriva Update for tomboy MDVSA-2008:064 (tomboy)
Check for the Version of tomboy. OpenVAS Vulnerability Test: Mandriva Update for tomboy MDVSA-2008:064 (tomboy). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
Debian Security Advisory DSA 1084-1 (typespeed)
The remote host is missing an update to typespeed announced via advisory DSA 1084-1. Niko Tyni discovered a buffer overflow in the processing of network data in typespeed, a game for testing and improving typing speed, which could lead to the execution of arbitrary code. For the old stable...