CVE-2019-0388

CVE-2019-0388 affects the SAP UI5 HTTP Handler and is due to insufficient URL validation, enabling an attacker to manipulate content. The vulnerability is addressed by fixes in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 v2.0. Exploitation details are not provided in the connected ...

SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability

Description SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks. Technologies Affected SAP SAPUI5 SAP UI 7.5 SAP UI 7.51 SAP UI 7.52 SAP UI 7.53 SAP UI 7.54 Recommendatio...

openSUSE Security Update : znc (openSUSE-2019-571)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

openSUSE Security Update : znc (openSUSE-2018-819)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

Security update for znc (moderate)

This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

Security update for znc (moderate)

This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

Buffer overflow

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file...

CVE-2014-7999

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...

CVE-2014-7994

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID...

Code injection

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...

Design/Logic Flaw

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012...

CVE-2014-7994

CVE-2014-7994 affects Cisco Meraki MS, MR, and MX devices with firmware prior to 2014-09-24. An attacker who knows a cross-device secret and a per-device secret can trigger arbitrary commands by sending a request to an unspecified HTTP handler on the local network. Root cause: flawed authenticati...

CVE-2014-7999

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...

CVE-2014-7993

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012...

CVE-2014-7993

Cisco Meraki HTTP Handler Local Information Disclosure vulnerability (CVE-2014-7993) affects Cisco Meraki MS, MR, and MX devices with firmware prior to 2014-09-24. An HTTP handler that does not require requests to originate from the Meraki cloud allows LAN-adjacent attackers to obtain sensitive c...

Cisco Meraki HTTP Handler Local Information Disclosure Vulnerability

A vulnerability in an HTTP handler in Cisco Meraki firmware occurs because the handler does not require requests to come only from the Meraki cloud. This vulnerability could allow a LAN-based attacker to obtain sensitive credential information. An unauthenticated, remote attacker on an adjacent...

HttpCombiner ASP.NET - Remote File Disclosure Vulnerability

No description provided by source. Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...