4752 matches found
Critical Holes in OAuth, OpenID Could Leak Information, Redirect Users
UPDATE — A serious vulnerability in the OAuth and OpenID protocols could lead to complications for those who use the services to log in to websites like Facebook, Google, LinkedIn, Yahoo, and Microsoft among many others. OpenID and OAuth are commonly used authorization protocols. The protocols ar...
WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network
WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinPcap or MS Network Monitor) and accumulates a list of computers and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect...
Mail Server In a Box
Mail-Box : Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in...
OpenICS ICS Protocol Decoder Builds Data Dictionaries
Industrial control system security has been called archaic, laughable and even non-existent. Most ICS and SCADA systems weren’t built with the Internet in mind, much less security, but yet they are at the forefront of manufacturing, building automation and critical infrastructure operations...
ALPINE-CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...
CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...
TLS and DTLS Heartbeat Extension
The Heartbeat Extension allows keep-alive functionality for TLS/DTLS protocols. Heartbeat consists of two message types, HeartbeatRequest and HeartbeatResponse...
Plex Media Server 0.9.9.10 CSRF / Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Plex Media Server vulnerable version: confirmed in 0.9.9.10 fixed version: none impact: High homepage: http://www.plex.tv found:...
Fedora Update for openssl FEDORA-2014-4910
Check for the Version of openssl OpenVAS Vulnerability Test Fedora Update for openssl FEDORA-2014-4910 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks
The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers, and so has become one of the favorite weapons for cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now...
Cisco IOS Software High Priority Queue Denial of Service Vulnerability
A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...
[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Multiple Antivirus Products RAR Parser MZ Character Sequence Security Bypass - Ver2 (CVE-2012-1443)
A security bypass vulnerability has been reported in multiple antivirus products. An attacker could exploit this vulnerability via a RAR file with an initial MZ character sequence. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on...
wrong reuse of connections
libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CURL-CVE-2014-0138 wrong reuse of connections
libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
[SECURITY] Fedora 20 Update: asterisk-11.8.1-1.fc20
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...
RedHat Update for gnutls RHSA-2014:0247-01
Check for the Version of gnutls OpenVAS Vulnerability Test RedHat Update for gnutls RHSA-2014:0247-01 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[Ncrack] High-Speed Network Authentication Cracker
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...
CVE-2013-6949
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...