637 matches found
CVE-2015-0725
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a...
Code injection
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a...
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
CVE-2015-0745
CVE-2015-0745 affects Cisco Headend System Release. The issue stems from improper input validation of HTTP request headers, allowing remote unauthenticated attackers to craft requests (via URL manipulation) to read temporary script or archive files and obtain sensitive information. Impact is info...
CVE-2015-0701
Cisco UCS Central Software before 1.31a allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961...
Cross site request forgery (csrf)
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request...
Symantec Data Center Security Server SQLi (SYM15-001)
The remote Symantec Data Center Security Server running on the remote host is affected by a SQL injection vulnerability in the '/sis-ui/authenticate' script on the web console interface. A remote attacker, using a crafted HTTP request, can exploit this to execute SQL queries, allowing the...
Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)
A denial of service vulnerability has been reported in the mod_dav component of Apache HTTP Server. The vulnerability is due to a NULL pointer dereference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker can send a crafted HTTP...
Cross site request forgery (csrf)
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request...
CVE-2014-0754
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
CVE-2014-3306
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808...
EFS Software Easy File Management Web Server UserID Buffer Overflow
A stack buffer overflow vulnerability exists in Easy File Management Web Server. The vulnerability is due to a boundary error when handling the UserID cookie. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable server...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component...
Directory traversal
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-16...
CVE-2013-2808
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote...
CVE-2013-2808
Philips Xper vulnerability CVE-2013-2808 is a heap-based buffer overflow in Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Flex Cardio XperConnect broker environments. The issue allows remote execution of code via a cra...
Canon Wireless Printer Denial Of Service
The HTTP management interface on several models of Canon Wireless printers allows for a Denial of Service (DoS) condition via a crafted HTTP request. Note: if this module is successful, the device can only be recovered with a physical power cycle. This module requires Metasploit:...
Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability
A vulnerability in the do_rewritelog function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could...