
2052 matches found

CVE
added 2015/11/18 4:00 p.m., 90 views

CVE-2015-8023

The CVE-2015-8023 entry concerns strongSwan’s EAP-MSCHAPv2 server in the eap-mschapv2 plugin. A flaw in validating local state allows remote attackers to bypass authentication by sending an empty Success message in response to an initial Challenge. Affected range is strongSwan 4.2.12–5.x before 5...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00799
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2015/11/17 12:00 a.m., 30 views

Debian DSA-3398-1 : strongswan - security update

Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00799
Exploits: 0 | References: 4

Fedora
added 2015/11/01 3:31 a.m., 32 views

[SECURITY] Fedora 23 Update: opensmtpd-5.7.3p1-1.fc23

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

CVSS: 9.8 | AI score: 0.8 | EPSS: 0.10142
Exploits: 1

RedhatCVE
added 2015/10/30 9:17 a.m., 30 views

CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows th...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.04878
Exploits: 0 | References: 2

myhack58
added 2015/10/29 12:00 a.m., 24 views

OpenSMTPD after the release of the heavy interest with vulnerability-vulnerability warning-the black bar safety net

Affected system: opensmtpd opensmtpd Description: CVECAN ID: CVE-2015-7687 OpenSMTPD is an RFC 5321 definition of server-side SMTP Protocol is free to implement. OpenSMTPD in PROCLKA achieve on there after...

AI score: 1.1
Exploits: 0

Debian
added 2015/10/09 6:22 p.m., 41 views

[SECURITY] [DSA 3371-1] spice security update

Debian Security Advisory DSA-3371-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 09, 2015 https://www.debian.org/security/faq -...

CVSS: 7.8 | AI score: 8.3 | EPSS: 0.00239
Exploits: 0

OpenVAS
added 2015/10/06 12:00 a.m., 39 views

Oracle: Security Advisory (ELSA-2013-2546)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00096
Exploits: 5 | References: 2

Tenable Nessus
added 2015/10/06 12:00 a.m., 18 views

SUSE SLED11 Security Update : wireshark (SUSE-SU-2015:1676-2)

Wireshark has been updated to 1.12.7. FATE319388 The following vulnerabilities have been fixed : - Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 - Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 - Wireshark could cras...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00803
Exploits: 0 | References: 26

Tenable Nessus
added 2015/09/30 12:00 a.m., 47 views

RHEL 5 / 6 / 7 : openldap (RHSA-2015:1840)

Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 5 | AI score: 5.5 | EPSS: 0.70513
Exploits: 1 | References: 3

n0where
added 2015/09/23 5:32 p.m., 606 views

Bash: How to open TCP/UDP sockets

How to open TCP/UDP sockets using a built-in feature in Bash ? Bash shell has a built-in feature that allows to open TCP/UDP sockets using a simple syntax. This is very useful when tools like netcat are not installed or we don’t have the permission to use it. The syntax is $ exec...

AI score: 7
Exploits: 0

myhack58
added 2015/09/22 12:00 a.m., 40 views

VNC denial of service vulnerability (CVE-2015-5239) analysis-vulnerability warning-the black bar safety net

Qemu is a processor simulation software, can provide user-mode simulation and system mode simulation. When in the user mode of the simulation state will be used when dynamic translation technology allows a cpu to build the process in another cpu. VNC Virtual Network Computing is an excellent remo...

AI score: 7.2 | EPSS: 0.08407
Exploits: 1

Into the symmetry
added 2015/09/18 9:18 a.m., 20 views

New OAuth book: OAuth 2 in Action

Justin Richer and myself have been writing a book about OAuth. It gives a deep look at the OAuth 2.0 protocol including hands on examples and practical implementation vulnerabilities to avoid. You can preorder the book today or you can download the first chapter for free on the publisher’s websit...

AI score: 7.2
Exploits: 0

OpenVAS
added 2015/09/08 12:00 a.m., 32 views

Amazon Linux: Security Advisory (ALAS-2013-217)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5 | AI score: 6.6 | EPSS: 0.02678
Exploits: 0 | References: 2

OpenVAS
added 2015/09/08 12:00 a.m., 33 views

Amazon Linux: Security Advisory (ALAS-2014-377)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.02971
Exploits: 0 | References: 3

ThreatPost
added 2015/09/03 8:57 a.m., 14 views

New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe

New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed. Carbanak has been in use for several years, and researchers...

AI score: 1.1
Exploits: 0 | References: 2

OSV
added 2015/09/03 12:00 a.m., 21 views

DLA-304-1 openslp-dfsg - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.39667
Exploits: 2

Metasploit
added 2015/08/31 5:22 p.m., 29 views

UPnP IGD SOAP Port Mapping Utility

Manage port mappings on UPnP IGD-capable device using the AddPortMapping and DeletePortMapping SOAP requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'UPnP IGD SOAP Por...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2015/08/31 12:00 a.m., 31 views

RHEL 7 : MRG (RHSA-2015:0660)

Updated qpid-cpp packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base score...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.5601
Exploits: 0 | References: 7

0day.today
added 2015/08/29 12:00 a.m., 39 views

freeSSHd 1.3.1 - Denial of Service Vulnerability

Exploit for windows platform in category dos / poc ''' Exploit title: freesshd 1.3.1 denial of service vulnerability Date: 28-8-2015 Vendor homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Author: 3unnym00n Details:...

AI score: 7
Exploits: 0

ThreatPost
added 2015/08/27 4:21 p.m., 13 views

BitTorrent Patches DDoS Vulnerability

BitTorrent today announced that a patch has been rolled out in the libuTP protocol used by many of its clients, fixing a vulnerability that allows attackers to carry out distributed reflective denial of service attacks. The issue was revealed in a paper and presentation at the recent USENIX...

AI score: 0.3
Exploits: 0 | References: 4