CVE-2016-5573
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make a victim's browser send HTTP request...
Atlassian Confluence Server < 5.2 Multiple Vulnerabilities
Cisco Cloud Services Platform 2.x < 2.1.0 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Cloud Services Platform (CSP) device is 2.x prior to 2.1.0. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in the web-based GUI due to improper sanitization of user-supplied...
Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. Protection mechanisms should be used to prevent this type of attack. The vulnerability is due to a lack of proper...
Updated python-twisted-web packages fix a security vulnerability
It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...
MGASA-2016-0340 Updated python-twisted-web packages fix a security vulnerability
It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...
Cisco Prime Infrastructure Authentication Bypass API Vulnerability (cisco-sa-20160629-piauthbypass) - Active Check
A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to access and control the API resources. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and ar...
CentOS Update for python-twisted-web CESA-2016:1978 centos6
Check the version of python-twisted-web. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882570");...
CentOS 6 / 7 : python-twisted-web (CESA-2016:1978)
An update for python-twisted-web is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: python-twisted-web security update
An update for python-twisted-web is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
IBM Security Guardium Database Activity Monitor Privilege Gain Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. A security vulnerability exists in IBM Security Guardium Database Activity Monitor, which can be exploited by remote attackers to send HTTP requests with administrator privileges...
Unspecified Vulnerability in IBM Tealeaf Customer Experience Replay Serve
IBM Tealeaf Customer Experience is a SaaS (Software-as-a-Service) based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...
Nagios Network Analyzer Report Generator Command Injection
A command injection vulnerability exists in Nagios Network Analyzer. The vulnerability is due to improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation...
Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass (CVE-2016-1605)
The vulnerability is due to a flaw in the SentinelContext Java class that allows a user to retrieve a valid authentication cookie from the vulnerable server by providing the "admin" user name in an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP...
Code injection
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)
The vulnerability is due to insufficient validation of the fileName parameter within the ReportViewServlet servlet. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to read the content ...
CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to cause the web-based management interface of an affected device to stop responding, resulting in a partial denial of service (DoS)...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
Exploit for the JSP platform in category web applications. ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit. Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co., Ltd. Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...