
46 matches found

Prion
added 2021/06/11 4:15 p.m. | 19 views

Denial of service

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

5 CVSS | 7.3 AI score | 0.00677 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2021/05/08 11:20 a.m. | 20 views

Denial Of Service (DoS)

actionpack is vulnerable to denial of service. An attacker can inject a malicious Accept header into the mime type parser in Action Dispatch causing it to go into a catastrophic backtracking in the regular expression engine...

7.5 CVSS | 4.6 AI score | 0.00677 EPSS
Exploits: 1 | References: 3 | Affected Software: 3
HackRead
added 2020/10/28 6:31 p.m. | 12 views

Trump campaign website defaced with “site seizure” notice

By Waqas According to researchers, one probability is that the attackers used compromised credentials to sign into the Expression Engine used by the Trump campaign website. This is a post from HackRead.com Read the original post: Trump campaign website defaced with "site seizure" notice...

3.9 AI score
Exploits: 0
Cvelist
added 2020/09/24 6:1 p.m. | 23 views

CVE-2020-3408 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that...

8.6 CVSS | 8.5 AI score | 0.01156 EPSS
Exploits: 0 | References: 1
Veracode
added 2020/04/17 1:50 a.m. | 18 views

Remote Code Execution

sonatype nxrm is vulnerable to remote code execution. The EL expression engine to process EL expressions is not wrapped by the standard delimiters $, allowing an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious request to NXRM...

7.2 CVSS | 7.1 AI score | 0.55841 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
Kitploit
added 2019/05/14 12:43 p.m. | 167 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.2 AI score
Exploits: 0 | References: 3
Tenable Nessus
added 2018/03/27 12:0 a.m. | 72 views

FreeBSD : apache -- multiple vulnerabilities (f38187e7-2f6e-11e8-8f07-b499baebfeaf)

The Apache httpd reports: Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710) mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. (CVE-2018-1283) mod_cache_socache: Fix...

9.8 CVSS | 6.4 AI score | 0.93618 EPSS
Exploits: 0 | References: 9
ripstech
added 2016/12/05 12:0 p.m. | 8 views

Expression Engine 3.4.2: Code Reuse Attack

RIPS Analysis The analysis with RIPS took about 4 minutes. Overall, the code of Expression Engine seems to be very robust. Still our analysis results point out some vulnerabilities. RIPS detected mainly possibilities for a malicious user to embed HTML and JavaScript code via the administration...

7 AI score
Exploits: 0
OSV
added 2016/05/31 12:0 a.m. | 1 views

UBUNTU-CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code...

6.5 CVSS | 7 AI score | 0.04802 EPSS
Exploits: 0 | References: 4
OSV
added 2016/03/17 11:59 p.m. | 2 views

DEBIAN-CVE-2016-3191

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based...

9.8 CVSS | 9.2 AI score | 0.07915 EPSS
Exploits: 1 | References: 1
OSV
added 2016/01/03 12:59 a.m. | 2 views

DEBIAN-CVE-2016-1283

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...

9.8 CVSS | 8.8 AI score | 0.02374 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 34 views

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service...

7.8 CVSS | 6.7 AI score | 0.7933 EPSS
Exploits: 29 | References: 7
OpenVAS
added 2011/10/04 12:0 a.m. | 30 views

Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities - Windows

Mozilla Firefox is prone to memory corruption and integer underflow vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10 CVSS | 9.9 AI score | 0.08708 EPSS
Exploits: 1 | References: 3
securityvulns
added 2011/09/13 12:0 a.m. | 84 views

Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my three publications which I've made earlier at my site. In plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS,...

6.2 AI score
Exploits: 0
Packet Storm
added 2011/09/11 12:0 a.m. | 61 views

WP-Cumulus Variants Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my two publications which I've made last week at my site. In plugins for RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion,...

0.4 AI score
Exploits: 0
OpenVAS
added 2009/03/06 12:0 a.m. | 33 views

RedHat Update for ruby RHSA-2008:0897-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2008:0897-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

7.8 CVSS | 0.1 AI score | 0.7933 EPSS
Exploits: 29 | References: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 26 views

CentOS Update for irb CESA-2008:0897 centos4 x86_64

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0897 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

7.8 CVSS | 7 AI score | 0.7933 EPSS
Exploits: 29 | References: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 48 views

CentOS Update for irb CESA-2008:0897 centos4 i386

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0897 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.8 CVSS | 7 AI score | 0.7933 EPSS
Exploits: 29 | References: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 28 views

CentOS Update for irb CESA-2008:0896 centos3 i386

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0896 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS | 6.9 AI score | 0.47517 EPSS
Exploits: 24 | References: 2
Tenable Nessus
added 2008/10/22 12:0 a.m. | 38 views

RHEL 2.1 : ruby (RHSA-2008:0895)

Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming....

7.5 CVSS | 6.9 AI score | 0.47517 EPSS
Exploits: 2 | References: 5