Pidgin libpurple STUN Response Length NULL Write Vulnerability

Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...

Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability

Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...

Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability

Talos Vulnerability Report VRT-2014-0203 Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability November 6, 2014 CVE Number CVE-2014-3695 Description An exploitable denial of service vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple library. ...

Snort <= 2.8.5 - IPv6 DoS

No description provided by source. ============================================= - Date: October 22th, 2009 - Discovered by: Laurent Gaffi - Severity: Low ============================================= I. VULNERABILITY ------------------------- Snort = 2.8.5 IPV6 Remote DoS II. DESCRIPTION...

Sourcefire 3D Sensor & Defense Center 4.8.x Privilege Escalation Vuln

No description provided by source. Affected product ---------------- Sourcefire 3D Sensor and Defense Center 4.8.x Tested on 4.8.0.3 and 4.8.0.4, 3D Sensor 2500 & DC 1000 All 4.8.x releases, up to and including 4.8.1, confirmed vulnerable by sourcefire. Vulnerability details ---------------------...

Pidgin for Windows URL Handling Remote Code Execution Vulnerability

Talos Vulnerability Report VRT-2013-1003 Pidgin for Windows URL Handling Remote Code Execution Vulnerability January 26, 2014 CVE Number CVE-2013-6486 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of HTTP URL handling. An attacker can supply a...

Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...

Martin Roesch on Snort's History and the Sourcefire Acquisition

Dennis Fisher talks with Martin Roesch, the author of the Snort IDS and founder of Sourcefire, about the evolution of Snort from a side project to an open-source security powerhouse to the technological basis for a hugely successful company. Download: digitalunderground119 Subscribe to the Digita...

Sourcefire Snort rule20275eval Buffer Overflow

A buffer overflow vulnerability has been reported in a pre-compiled Snort rule distributed by Sourcefire. The vulnerability is due to a stack buffer overflow in rule 3:20275.A remote attacker can exploit this issue by sending a malicious response packet containing a overly long message to the...

OpenVAS Command Injection

OpenVAS Security Advisory OVSA20121112 Date: 12th November 2012 Product: OpenVAS Manager Risk: Medium Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified th...

Al Huger on Malware Attribution and Why Defense is So Hard

Dennis Fisher talks with Al Huger of Sourcefire about the difficulty of tracking down the source of a malware infection, whether organizations should care about attribution after discovering an attack and why playing defense is so difficult. Download: digitalunderground103 Podcast audio courtesy ...

Snort 2 DCE/RPC preprocessor Buffer Overflow

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...

Snort 2 DCE/RPC Preprocessor Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

Sourcefire Defense Center - multiple vulnerabilities.

Hi list, -- Product description from vendor site: The Sourcefire Defense CenterR management console is the "nerve center" of the Sourcefire 3DR System. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated IPS, NGIPS, and NGFW...

Snort 2 DCE/RPC preprocessor Buffer Overflow

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

Sourcefire Defense Center multiple security vulnerabilities

Crossite scripting, unauthorized access...

Sourcefire Defense Center Multiple Security Vulnerabilities

Sourcefire Defense Center is prone to multiple security vulnerabilities, including multiple arbitrary-file-download vulnerabilities, an arbitrary-file-deletion vulnerability, a security- bypass vulonerability, and an HTML-injection vulnerability. Exploiting these vulnerabilities may allow an...

Sourcefire Defense Center File Download / Cross Site Scripting

-- Product description from vendor site: The Sourcefire Defense CenterR management console is the "nerve center" of the Sourcefire 3DR System. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated IPS, NGIPS, and NGFW detection...

Sourcefire Defense Center < 4.10.2.3 Multiple Vulnerabilities - Active Check

Sourcefire Defense Center is prone to multiple vulnerabilities, including multiple arbitrary file download vulnerabilities, an arbitrary file deletion vulnerability, a security bypass vulnerability, and an HTML injection vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text...