
2052 matches found

Check Point Advisories
added 2015/05/18 12:0 a.m., 3 views

Microsoft Internet Explorer MHTML Content Blocks Information Disclosure - Ver2 (CVE-2011-0096)

MHTML (MIME Encapsulation of Aggregate HTML) is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in the Microsoft Windows MHTML protocol. The vulnerability is due to the way MHTML interprets MIME-formatted...

CVSS: 4.3, AI score: 5.6, EPSS: 0.70144
Exploits: 1
myhack58
added 2015/05/16 12:0 a.m., 131 views

PHP multipart/form-data remote DoS vulnerability - vulnerability warning - the black bar safety net

When PHP parses the request headers in the body part of a multipart/form-data HTTP request, repeated copying of a string results in a DoS. By sending maliciously constructed multipart/form-data requests, a remote attacker can exhaust the server's CPU resources, causing a remote DoS of the server. Affect range...

AI score: 0.2
Exploits: 0
Cisco
added 2015/05/14 4:38 p.m., 28 views

Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability

A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

CVSS: 5, AI score: 6.3, EPSS: 0.00607
Exploits: 0, References: 1
OpenVAS
added 2015/05/07 12:0 a.m., 63 views

Debian Security Advisory DSA 3253-1 (pound - security update)

Pound, an HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default CVE-2009-355...

CVSS: 5.8, AI score: 0.4, EPSS: 0.93538
Exploits: 20, References: 1
OpenVAS
added 2015/05/06 12:0 a.m., 27 views

Apache Subversion Spoofing Vulnerability (May 2015)

Apache Subversion is prone to a spoofing vulnerability...

CVSS: 4, AI score: 8.4, EPSS: 0.01065
Exploits: 0, References: 2
Fedora
added 2015/04/18 9:48 a.m., 21 views

[SECURITY] Fedora 20 Update: tor-0.2.5.12-1.fc20

Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the...

CVSS: 7.5, AI score: 3.4, EPSS: 0.00721
Exploits: 0
Tenable Nessus
added 2015/04/14 12:0 a.m., 284 views

RHEL 5 : openssl (RHSA-2015:0800) (FREAK)

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...

CVSS: 7.5, AI score: 7.9, EPSS: 0.91945
Exploits: 3, References: 22
myhack58
added 2015/04/07 12:0 a.m., 22 views

Tor onion: DoS vulnerability present in the underlying protocol, black markets suffer for it - vulnerability warning - the black bar safety net

Two black markets suffered a severe DoS attack. According to the operators of Middle Earth, an underground black market on the Tor network, the website recently suffered a serious DoS (denial of service) attack. Coincidentally, in December 2014, another black market Agora of...

AI score: 0.6
Exploits: 0
Cisco
added 2015/03/25 4:0 p.m., 38 views

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software UDP CIP Denial of...

CVSS: 7.8, AI score: 6.8
Exploits: 0, References: 1
Fedora
added 2015/03/21 4:53 a.m., 33 views

[SECURITY] Fedora 22 Update: nx-libs-3.5.0.29-1.fc22

NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent...

CVSS: 9.3, AI score: 3.6, EPSS: 0.12029
Exploits: 1
Tenable Nessus
added 2015/03/19 12:0 a.m., 65 views

AIX 7.1 TL 3 : tcpdump (IV67588)

CVE-2014-8769: tcpdump is vulnerable to a denial of service, caused by the improper handling of input by the application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol. By sending specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to...

CVSS: 6.4, AI score: 8, EPSS: 0.03059
Exploits: 2, References: 2
Check Point Advisories
added 2015/03/18 12:0 a.m., 1 views

Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)

A security bypass vulnerability has been reported in Mozilla Firefox browser. The vulnerability is due to a weakness in the WebRTC protocol. The vulnerability can be exploited through the use of a man-in-the-middle attack. Successful exploitation would allow attackers to decrypt online traffic...

CVSS: 4.3, AI score: 8.8, EPSS: 0.00587
Exploits: 0
Fedora
added 2015/03/09 8:18 a.m., 28 views

[SECURITY] Fedora 22 Update: duplicity-0.6.25-3.fc22

Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...

CVSS: 5.8, AI score: 0.2, EPSS: 0.02282
Exploits: 0
FreeBSD
added 2015/03/06 12:0 a.m., 17 views

mono -- TLS bugs

The Mono project reports: Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages, which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post. Mono’s implementation of SSL/TLS also contained...

AI score: 1.9
Exploits: 0, References: 1
Metasploit
added 2015/02/13 11:17 p.m., 143 views

SMB Version Detection

Fingerprint and display version information about SMB servers. Protocol information and host operating system if available will be reported. Host operating system detection requires the remote server to support version 1 of the SMB protocol. Compression and encryption capability negotiation is on...

AI score: 7.1
Exploits: 0
CVE
added 2015/02/04 6:0 p.m., 50 views

CVE-2014-9042

CVE-2014-9042 is an XSS in the import functionality of the ownCloud bookmarks app, affecting versions prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3. The vulnerability allows remote authenticated users to inject arbitrary script/HTML by importing a link with an unspecified protocol. ...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00185
Exploits: 0, References: 1, Affected Software: 2
Metasploit
added 2015/01/13 12:40 a.m., 47 views

Memcached Extractor

This module extracts the slabs from a memcached instance. It then finds the keys and values stored in those slabs...

AI score: 6.8
Exploits: 0
Metasploit
added 2015/01/12 9:8 p.m., 28 views

Apple Airport ACPP Authentication Scanner

This module attempts to authenticate to an Apple Airport using its proprietary and largely undocumented protocol known only as ACPP...

AI score: 6.9
Exploits: 0
Cvelist
added 2014/12/16 11:0 p.m., 18 views

CVE-2014-6176

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...

AI score: 6, EPSS: 0.0036
Exploits: 0, References: 5
ThreatPost
added 2014/12/11 7:0 a.m., 9 views

Mozilla to Support Certificate Transparency in Firefox

Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first. Certificate Transparency is a proposal from engineers at Google that would help resolve some of the issues with...

AI score: 0.7
Exploits: 0, References: 5