Vulnerability analysis cisco analysis tools-vulnerability warning-the black bar safety net

cisco Auditing: A small security audit tools, scanning Cisco router General vulnerabilities, such as default passwords, SNMP community strings and some of the old IOS bugs. CAT-h xx. xx. xx. xx. cisco-global-exploiter:cisco vulnerability penetration testing, there are 14 different vulnerabilities...

fingerprint-strings NSE Script

Prints the readable strings from service fingerprints of unknown services. Nmap's service and application version detection engine sends named probes to target services and tries to identify them based on the response. When there is no match, Nmap produces a service fingerprint for submission...

DEBIAN-CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

UBUNTU-CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used

The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

mod_nss: Invalid handling of +CIPHER operator

A flaw was found in the way modnss parsed certain OpenSSL-style cipher strings. As a result, modnss could potentially use ciphers that were not intended to be enabled...

Low: Red Hat Security Advisory: mod_nss security, bug fix, and enhancement update

An update for modnss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

USN-3116-1 dbus vulnerabilities

It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-0245 It was discovered that DBus incorrectly handled certain...

Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-0248

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors...

CVE-2016-0248

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors...

DEBIAN-CVE-2016-5017

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string...

Apache Zookeeper Buffer Overflow Vulnerability

Apache Zookeeper is a software project of the U.S. Apache Apache Software Foundation, which can provide open source distributed configuration services, synchronization services, and naming registry for large-scale distributed computing. A buffer overflow vulnerability exists in the C cli shell in...

International Components for Unicode Stack Buffer Overflow Vulnerability

International Components for Unicode ICU is the U.S. IBM and other companies to develop a C / C + + and Java programming languages provide a complete set of Unicode data manipulation function library, but also an open-source project to support the internationalization of software. A stack buffer...

H2O use of externally-controlled format string

Overview H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information...

rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...