Lucene search

379 matches found

Cvelist
added 2019/12/10 2:13 p.m. | 11 views

CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication...

9.7 AI score | 0.00459 EPSS
Exploits 0 | References 4
CNVD
added 2018/07/10 12:00 a.m. | 1 view

Synology SSL VPN Client Man-in-the-Middle Attack Vulnerability

Synology SSL VPN Client is a VPN client software for connecting to internal encrypted networks from Synology. A security vulnerability exists in the HTTP daemon in Synology SSL VPN Client versions prior to 1.2.4-0224, which stems from the program's failure to enforce proper restrictions on the...

8.1 CVSS | 7.8 AI score | 0.00177 EPSS
Exploits 0 | References 1
OSV
added 2018/07/06 12:29 p.m. | 2 views

CVE-2018-8929

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload...

8.1 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits 0 | References 1
Prion
added 2018/07/06 12:29 p.m. | 18 views

Input validation

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload...

6.8 CVSS | 7.8 AI score | 0.00177 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2018/07/06 12:29 p.m. | 8 views

CVE-2018-8929

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload...

8.1 CVSS | 7.3 AI score | 0.00177 EPSS
Exploits 0 | References 1
Cvelist
added 2018/07/06 12:00 p.m. | 13 views

CVE-2018-8929

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload...

7.3 CVSS | 7.9 AI score | 0.00177 EPSS
Exploits 0 | References 1
CVE
added 2018/07/06 12:00 p.m. | 44 views

CVE-2018-8929

Synology SSL VPN Client (HTTP daemon) prior to version 1.2.4-0224 is affected by CVE-2018-8929 due to improper restriction of the communication channel to intended endpoints, enabling remote attackers to conduct man-in-the-middle attacks with a crafted payload. The vulnerability is documented acr...

8.1 CVSS | 7.8 AI score | 0.00177 EPSS
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2017/10/24 12:00 a.m. | 89 views

REMOTE CODE EXECUTION (CVE-2017-13772) WALKTHROUGH ON A TP-LINK ROUTER

INTRODUCTION In this post, I will be discussing my recent findings while conducting vulnerability research on a home router: TP-Link’s WR940N home WiFi router. This post will outline the steps taken to identify vulnerable code paths, and how we can exploit those paths to gain remote code executio...

9 CVSS | 10.1 AI score | 0.52736 EPSS
Exploits 8
BDU FSTEC
added 2017/06/23 12:00 a.m. | 2 views

The vulnerability of the httpd component in the OpenBSD operating system, which allows a hacker to cause a service failure.

The vulnerability of the httpd component in the OpenBSD operating system is related to resource management errors. Exploiting this vulnerability allows a malicious actor to trigger a service failure (memory consumption) by using specially crafted requests, utilizing the HTTP Range header...

7.8 CVSS | 7.2 AI score | 0.4959 EPSS
Exploits 7 | References 13 | Affected Software 1
Prion
added 2017/02/15 7:59 p.m. | 13 views

Design/Logic Flaw

The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972...

5 CVSS | 7.3 AI score | 0.00736 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/02/15 7:00 p.m. | 44 views

CVE-2017-5997

The CVE-2017-5997 issue affects SAP Kernel’s Message Server HTTP daemon (SAP Kernel versions 7.21–7.49). The root cause is improper memory/resource handling when processing requests with a group parameter sized between 4 KB and 65 KB, which can lead to memory exhaustion and a denial of service (p...

7.5 CVSS | 7.3 AI score | 0.00736 EPSS
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2017/01/25 8:04 p.m. | 2 views

mod_cluster: Protocol parsing logic error

An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...

4.3 CVSS | 5.8 AI score | 0.0105 EPSS
Exploits 0 | References 4
myhack58
added 2016/10/08 12:00 a.m. | 53 views

Dlink DWR-932B router found to have multiple security vulnerabilities - vulnerability warning - the black bar safety net

Foreword: According to the latest discovery by security experts, the Dlink DWR-932B router contains a large number of security vulnerabilities, including back doors, back door accounts, weak WPS, as well as a remote code execution vulnerability and so on. If you're on IOT Security...

8.5 AI score
Exploits 0
0day.today
added 2016/09/29 12:00 a.m. | 59 views

D-Link DWR-932B Backdoors / Default WPS PIN

D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues. Advisory Information Title: Multiple vulnerabilities found in the Dlink DWR-932B backdoor, backdoor accounts, weak WPS, RCE ... Advisory URL:...

7.1 AI score
Exploits 0
Packet Storm
added 2016/09/28 12:00 a.m. | 75 views

D-Link DWR-932B Backdoors / Default WPS PIN

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Multiple vulnerabilities found in the Dlink DWR-932B backdoor, backdoor accounts, weak WPS, RCE ... Advisory URL: https://pierrekim.github.io/advisories/2016-dlink-0x00.txt Blog URL:...

0.3 AI score
Exploits 0
0day.today
added 2016/05/12 12:00 a.m. | 45 views

Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe

Exploit for windows platform in category web applications Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreServiceShell.exe, which runs as NT AUTHORITY\SYSTEM. The CoreServiceShell includes an HTTP daemon, which is used for...

7.1 AI score
Exploits 0
Exploit DB
added 2016/05/12 12:00 a.m. | 41 views

Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreServiceShell.exe, which runs as NT AUTHORITY\SYSTEM. The CoreServiceShell includes an HTTP daemon, which is used for redirecting network content inspection among other things...

7.4 AI score
Exploits 0
exploitpack
added 2016/05/12 12:00 a.m. | 26 views

Trend Micro - CoreServiceShell.exe Multiple HTTP s

Trend Micro - CoreServiceShell.exe Multiple HTTP s Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreServiceShell.exe, which runs as NT AUTHORITY\SYSTEM. The CoreServiceShell includes an HTTP daemon, which is used for...

7.4 AI score
Exploits 0
OpenVAS
added 2015/09/29 12:00 a.m. | 26 views

Gentoo Security Advisory GLSA 201309-17

Gentoo Linux Local Security Checks GLSA 201309-17 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

6.8 CVSS | 5 AI score | 0.4015 EPSS
Exploits 6 | References 1
RedHat Linux
added 2014/08/21 3:29 p.m. | 1 view

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5 CVSS | 6.7 AI score | 0.44151 EPSS
Exploits 1 | References 5