
5900 matches found

Hacker One
added 2016/08/26 6:9 a.m., 80 views

Legal Robot: CORS (Cross-Origin Resource Sharing)

Title: CORS Cross-Origin Resource Sharing Category: Others Affected URL: https://app.legalrobot.com/sockjs/info?cb=pcgb37npst Description: The application implements an HTML5 cross-origin resource sharing CORS policy for this request which allows access from any domain. Allowing access from all...

0.1 AI score
Exploits: 0

0day.today
added 2016/08/23 12:0 a.m., 19 views

SimplePHPQuiz - Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: SimplePHPQuiz - Blind SQL Injection Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/valokafor/SimplePHPQuiz Software Link:...

7.1 AI score
Exploits: 0

RedhatCVE
added 2016/08/22 1:18 a.m., 27 views

CVE-2016-6330

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...

9.8 CVSS, 9.5 AI score, 0.13005 EPSS
Exploits: 0, References: 1

Prion
added 2016/08/18 7:59 p.m., 17 views

Command injection

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute...

9 CVSS, 7.8 AI score, 0.00374 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2016/08/18 7:0 p.m., 46 views

CVE-2016-1457

The CVE-2016-1457 issue affects Cisco Firepower Management Center (FMC) 4.x–5.x before 5.3.1.2 and 5.4.x before 5.4.0.1, and Cisco ASA 5500-X Series with FirePOWER Services in the same ranges. A remote authenticated user can execute arbitrary root commands by sending crafted HTTP requests due to ...

9 CVSS, 8.8 AI score, 0.00374 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2016/08/18 7:0 p.m., 25 views

CVE-2016-1458

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before...

8.5 AI score, 0.00287 EPSS
Exploits: 0, References: 2

Cvelist
added 2016/08/18 7:0 p.m., 24 views

CVE-2016-1457

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute...

8.9 AI score, 0.00374 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2016/08/18 6:20 p.m., 73 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 Service Pack 1 security update

Updated packages that provide Red Hat JBoss Web Server 3.0.3 Service Pack 1 and fix two security issues and a bug with AJP processors are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.1 CVSS, 6.8 AI score, 0.43937 EPSS
Exploits: 0, References: 7

OpenVAS
added 2016/08/18 12:0 a.m., 25 views

Cisco Firepower Management Center Remote Command Execution Vulnerability

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...

9 CVSS, 9 AI score, 0.00374 EPSS
Exploits: 0, References: 1

Cisco
added 2016/08/17 4:0 p.m., 26 views

Cisco Firepower Management Center Remote Command Execution Vulnerability

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...

9 CVSS, 8.9 AI score, 0.00374 EPSS
Exploits: 0, References: 1

Cisco
added 2016/08/17 4:0 p.m., 37 views

Cisco Firepower Management Center Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to...

9 CVSS, 8.6 AI score, 0.00287 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2016/08/17 12:0 a.m., 28 views

Scientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)

Security Fixes: - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Bug Fix...

8.1 CVSS, 6.8 AI score, 0.8349 EPSS
Exploits: 0, References: 2

Hacker One
added 2016/08/15 2:20 a.m., 16 views

Harvest: Unauthorized access to all the actions of invoices by PM (Access control Issues)

Hi Team, Description: Project ManagerFull access Can't access the projects and invoices which are not assigned to him. But this can be bypassed and following action can be done by any project manager: 1. Mark as send 2. Mark as draft 3. Mark as closed 4. Mark as open. Any manager can change above...

0.5 AI score
Exploits: 0

Tenable Nessus
added 2016/08/15 12:0 a.m., 41 views

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20160811) (httpoxy)

Security Fixes: - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)...

8.1 CVSS, 6.8 AI score, 0.8349 EPSS
Exploits: 0, References: 2

Zero Day Initiative
added 2016/08/09 12:0 a.m., 72 views

Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsof...

4.3 CVSS, 0.7 AI score, 0.16762 EPSS
Exploits: 0, References: 1

Packet Storm
added 2016/08/06 12:0 a.m., 33 views

NUUO 3.0.8 Add Admin Cross Site Request Forgery

i? input type="hidden" name="add...

0.1 AI score
Exploits: 0

exploitpack
added 2016/08/06 12:0 a.m., 17 views

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery Add Admin input type="hidden" name="password2" value=...

0.4 AI score
Exploits: 0

Check Point Advisories
added 2016/08/04 12:0 a.m., 2 views

MongoDB phpMoAdmin Unauthenticated Remote Code Execution (CVE-2015-2208)

A remote code execution vulnerability exists in MongoDB administration tool for PHP. The vulnerability is due to insufficient validation of user supplied input when processing HTTP requests. A remote authenticated attacker could exploit this vulnerability by sending a malicious request...

7.5 CVSS, 7 AI score, 0.8812 EPSS
Exploits: 8

OpenVAS
added 2016/08/04 12:0 a.m., 25 views

phpMyAdmin Multiple Information Disclosure Vulnerabilities

phpMyAdmin is prone to multiple information disclosure vulnerabilities.

5.3 CVSS, 5.5 AI score, 0.00551 EPSS
Exploits: 0, References: 5

Cisco
added 2016/08/03 4:0 p.m., 25 views

Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. A...

9 CVSS, 9 AI score, 0.00432 EPSS
Exploits: 0, References: 1