16 matches found
Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop', 'Description' = %q This module exploits a denial of service flaw in the Microsoft...
Citrix Systems Secure Access å®å Øę¼ę“
Citrix Systems Secure Access is a secure access solution from Citrix Systems, Inc. A security vulnerability exists in Citrix Systems Secure Access versions prior to 23.5.1.3 that originates from the installation of a standard user account access endpoint from a vulnerable client that can escalate...
PT-2022-26113 Ā· NextcloudĀ +1 Ā· Nextcloud Desktop ClientĀ +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 3.6.0 Description: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or...
CVE-2017-17023
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering www.ncp-e.com. The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows...
Security Bulletin: DS8870 Release 7.x affected by a vulnerability in OpenSSL (CVE-2014-0224)
Summary Security vulnerabilities have been discovered in OpenSSL which impact the management port on DS8870 R7.x Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and server...
Buffer overflow
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitati...
CVE-2017-2780
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially...
CVE-2017-2782
An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially...
FileZilla FTP Client Remote Denial of Service Vulnerability
FileZilla FTP Client is a free FTP client software. The software supports intermittent file transfers, site management, and encryption. FileZilla FTP Client suffers from a remote denial of service vulnerability. An attacker can exploit this vulnerability to crash the affected application and deny...
Drupal 4.0 News Message HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. Drupal fails to sufficiently filter potentially malicious HTML code from news posts. As a result, when a user...
SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow
No description provided by source. $Id: securecrtssh1.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
Internet Explorer Data Stream Handling Memory Corruption (MS08-024; CVE-2008-1085)
Microsoft Internet Explorer IE is a web browser application that supports a wide range of WWW standard protocols and content formats. Besides HTML page and graphic images, various non-HTML content can be downloaded using IE. These contents, however, cannot be processed natively by IE. A set of...
Telnet Client Information Disclosure Vulnerability
Overview A vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telne...
Mtp-Target 1.2.2 Client - Remote Format String
Mtp-Target 1.2.2 Client - Remote Format String source: https://www.securityfocus.com/bid/13460/info A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function. An attacker may leverage this issue...
Gearbox Software Halo Game 1.x - Client Remote Denial of Service
source: https://www.securityfocus.com/bid/11724/info The Halo game client is reported prone to a remote denial of service vulnerability. It is reported that when using the in game browser to view a server list, a malicious reply from a server may crash the affected client. A remote attacker may...
NPDS 4.8 - News Message HTML Injection
NPDS 4.8 - News Message HTML Injection source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user...