FreeBSD, NetBSD Security Vulnerabilities

Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

Aptina AR0130 960P 1.3MP Camera - Remote Configuration...

SecuSTATION IPCAM-130 HD Camera Remote Configuration Disclosure

...

CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than...

CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing...

CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than...

CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing...

Information disclosure

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing...

Design/Logic Flaw

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than...

CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than...

CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing...

OpenSMTPD 6.6.1 Local Privilege Escalation

...

OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution

...

OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution

OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code...

OpenSMTPD 6.6.1 - Local Privilege Escalation Exploit

...

Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution

Overview Cisco Discovery Protocol (CDP) is a proprietary layer-2 networking protocol that Cisco devices use to gather information about devices connected to the network. Armis Security found that CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack...

OpenSMTPD vulnerable to local privilege escalation and remote code execution

Overview Qualys Research Labs found that the smtp_mailaddr() function in OpenSMTPD version 6.6 does not properly sanitize user input, which could allow a local attacker to escalate their privileges, and allow either a local or remote attacker to execute arbitrary code as root. Description...

Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...

Common Desktop Environment 2.3.1 Buffer Overflow Exploit

A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious...

Common Desktop Environment 2.3.1 Buffer Overflow

...

CVE-2011-2480

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to...

CVE-2011-2480

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to...

Information disclosure

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to...

CVE-2011-2480

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to...

CVE-2011-2480

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to...

Nostromo - Directory Traversal Remote Command Execution (Metasploit)

...

Nostromo 1.9.6 Directory Traversal / Remote Command Execution

...

Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP...

Nostromo Directory Traversal Remote Command Execution

This module exploits a remote command execution vulnerability in Nostromo <= 1.9.6. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP...

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither.....

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither.....

Design/Logic Flaw

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither.....

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither.....

WordPress Core 5.2.3 - Cross-Site Host Modification

...

WordPress 5.2.3 - Cross-Site Host Modification

WordPress 5.2.3 - Cross-Site Host...

WordPress 5.2.3 - Cross-Site Host Modification Exploit

Exploit for php platform in category web...

WordPress 5.2.3 Remote Cross Site Host Modification

...

Cisco Email Security Virtual Appliance C370 IronPort Header Injection

...

Cisco Email Security Virtual Appliance C600V IronPort Header Injection

...

OpenSSH < 5.9 Multiple DoS

The version of OpenSSH running on the remote host is prior to version 5.9. Such versions are affected by multiple denial of service vulnerabilities: A denial of service vulnerability exists in the gss-serv.c 'ssh_gssapi_parse_ename' function. A remote attacker may be able to trigger this...

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Overview The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges. This can be achieved using an attack referred to.....

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Overview Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Description The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections.....

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded...

honggfuzz vulnerability mining technology principle analysis-vulnerability warning-the black bar safety net

Google AFL(WinAFL), the libfuzzer and honggfuzz is the most famous of the three based on code coverage fuzzer is. Online on the AFL(WinAFL)analysis of the articles more, and on the latter two Analysis Articles less. Before the spring brother has written about honggfuzz article: honggfuzz...

Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Denial Of Service (DoS)

openssl is vulnerable to denial of service (DoS). The vulnerabaility exists through a memory leak in...

NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX

NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For...

Broadcom WiFi chipset drivers contain multiple vulnerabilities

Overview The Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets contain multiple vulnerabilities. The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer...

WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

Overview Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred....

VPN applications insecurely store session cookies

Overview Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files. Description Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications...

[SECURITY] [DLA 1749-1] golang security update

Package : golang Version : 2:1.3.3-1+deb8u2 CVE ID : CVE-2019-9741 Debian Bug : #924630 It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers...