Debian DSA-3796-1 : apache2 - security update
Several vulnerabilities were discovered in the Apache2 HTTP server. - CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. - CVE-2016-2161 Maksim Malyutin discovered that malicio...
[SECURITY] [DSA 3796-1] apache2 security update
Debian Security Advisory DSA-3796-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 26, 2017 https://www.debian.org/security/faq -...
EasyCom SQL iPlug Denial Of Service Exploit
EasyCom SQL iPlug suffers from a denial of service vulnerability. Credits: John Page AKA Hyp3rlinX Website: hyp3rlinx.altervista.org Vendor: easycom-aura.com Product: SQL iPlug EasycomPHP4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access t...
Design/Logic Flaw
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference : 1998648...
CVE-2016-8986
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference : 1998648...
EasyCom For PHP 4.0.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Credits: John Page AKA Hyp3rlinX Website: hyp3rlinx.altervista.org Vendor: easycom-aura.com Product: SQL iPlug EasycomPHP4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access to heterogeneous...
Ubuntu 14.04 LTS : Tomcat vulnerability (USN-3204-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3204-1 advisory. It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources,...
USN-3204-1: Tomcat vulnerability
It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service...
Lyst: SSRF at iris.lystit.com
Server Side Request Forgery Host: iris.lystit.com Route: /models Summary This vulnerability allows an unauthenticated attacker to make arbitrary server-side HTTP GET requests, e.g. issue HTTP-requests to internal hosts and resources, limitedly scan ports, potentially bypass some restrictions for...
Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could...
CVE-2017-5168
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a...
Path traversal
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a...
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
Exploit for windows platform in category web applications SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with w...
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Desc: The application...
HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command Injection", 'Description' = ...
TrueConf Server 4.3.7 Cross Site Scripting / Open Redirect / CSRF
TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities Vendor: TrueConf LLC Product web page: https://www.trueconf.com Affected version: 4.3.7.12255 and 4.3.7.12219 Summary: TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially...
TrueConf Multiple Vulnerabilities (Jan 2017)
TrueConf is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Advantech WebAccess SQLi
Binary data scadaadvantechwebaccesscve-2017-5154.nbin...
TrueConf Server 4.3.7 - Multiple Vulnerabilities
TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities Vendor: TrueConf LLC Product web page: https://www.trueconf.com Affected version: 4.3.7.12255 and 4.3.7.12219 Summary: TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially...