5900 matches found

exploitpack
added 2016/11/28 12:0 a.m., 39 views

Red Hat JBoss EAP - Deserialization of Untrusted Data

Red Hat JBoss EAP - Deserialization of Untrusted Data Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untruste...

CVSS 6.5, AI score 0.6, EPSS 0.12098
Exploits: 3

Kitploit
added 2016/11/19 1:48 p.m., 23 views

slowloris - Low bandwidth DoS tool

Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this: 1. We start making lots of HTTP requests. 2. We send headers periodically every 15 seconds to keep the connections open. 3. We never close the connection unless the server does so. If the...

AI score 7.2
Exploits: 0, References: 1

Tenable Nessus
added 2016/11/18 12:0 a.m., 10 views

Atlassian Crucible Server < 3.10.0 Multiple Vulnerabilities

Binary data 9782.prm...

AI score 7.3
Exploits: 0, References: 1

Packet Storm
added 2016/11/10 12:0 a.m., 51 views

WININET CHttpHeaderParser::ParseStatusLine Out-Of-Bounds Read

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the eighth entry in that series, although this particular vulnerability does not just affect web-browsers, but all applications that use WININET to make HTTP requests...

CVSS 2.6, AI score 5.3, EPSS 0.24314
Exploits: 2

Tenable Nessus
added 2016/11/04 12:0 a.m., 35 views

Atlassian JIRA 6.4.x < 6.4.10 CSRF / XSRF (Bar Mitzvah)

Binary data 9736.prm...

CVSS 5, AI score 7.3, EPSS 0.2382
Exploits: 0, References: 2

Tenable Nessus
added 2016/11/04 12:0 a.m., 13 views

Atlassian JIRA 6.1.x < 6.1.5 Multiple CSRF / XSRF

Binary data 9733.prm...

AI score 7.3
Exploits: 0, References: 3

OSV
added 2016/11/02 8:0 a.m., 5 views

CURL-CVE-2016-8621 curl_getdate read out of bounds

The curl_getdate converts a given date string into a numerical timestamp and it supports a range of different formats and possibilities to express a date and time. The underlying date parsing function is also used internally when parsing for example HTTP cookies possibly received from remote serve...

CVSS 7.5, AI score 8.5, EPSS 0.03438
Exploits: 0

Packet Storm
added 2016/10/30 12:0 a.m., 39 views

InfraPower PPS-02-S Q213V1 Cross Site Request Forgery

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the...

AI score 0.3
Exploits: 0

0day.today
added 2016/10/29 12:0 a.m., 38 views

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI o...

AI score 7.1
Exploits: 0

Zero Science Lab
added 2016/10/28 12:0 a.m., 32 views

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

AI score 5.8
Exploits: 0

Exploit DB
added 2016/10/28 12:0 a.m., 38 views

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the...

AI score 7.4
Exploits: 0

exploitpack
added 2016/10/28 12:0 a.m., 34 views

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI...

AI score 0.5
Exploits: 0

OpenVAS
added 2016/10/26 12:0 a.m., 36 views

Amazon Linux: Security Advisory (ALAS-2016-725)

The remote host is missing an update for the...

CVSS 8.1, AI score 7.2, EPSS 0.43937
Exploits: 0, References: 3

OpenVAS
added 2016/10/26 12:0 a.m., 33 views

Amazon Linux: Security Advisory (ALAS-2016-741)

The remote host is missing an update for the...

CVSS 6.1, AI score 7, EPSS 0.09899
Exploits: 0, References: 2

Prion
added 2016/10/22 3:59 a.m., 8 views

Code injection

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors...

CVSS 6.5, AI score 6.5, EPSS 0.00721
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2016/10/22 3:59 a.m., 10 views

CVE-2016-0239

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors...

CVSS 8.8, AI score 8.2, EPSS 0.00721
Exploits: 0, References: 2

OSV
added 2016/10/22 3:59 a.m., 2 views

CVE-2016-0239

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

CVE
added 2016/10/22 1:0 a.m., 36 views

CVE-2016-0239

CVE-2016-0239 affects IBM Security Guardium Database Activity Monitor (versions 9.0, 9.1, 9.5 before p700; 10.0, 10.0.1 before p100). A remote authenticated attacker can issue an HTTP request with administrator privileges due to an improper authorization vulnerability. IBM’s bulletin lists remedi...

CVSS 8.8, AI score 8.1, EPSS 0.00721
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2016/10/22 1:0 a.m., 17 views

CVE-2016-0239

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors...

AI score 8.2, EPSS 0.00721
Exploits: 0, References: 2

RedHat Linux
added 2016/10/20 12:47 p.m., 3 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make a victim's browser send HTTP request...

CVSS 8.3, AI score 7.4, EPSS 0.03916
Exploits: 0, References: 5