Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user. The prime web user does not have the full privileges of root...
sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution
Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt; ISR: APPARITIONSEC; Vendor: snewscms.com; Product: sNews CMS v1.7.1; Vulnerability Type: Persistent...
Nagios XI Incident Manager Integration Component SQL Injection
A SQL injection vulnerability has been reported in the Nagios Incident Manager (IM) integration component of Nagios XI. The vulnerability is due to insufficient parameter validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a special...
Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)
An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable server...
Hyperoptic (Tilgin) Router HG23xx CSRF / Cross Site Scripting
Hyperoptic Tilgin Router HG23xx Multiple XSS And CSRF Vulnerabilities; Vendor: Hyperoptic Ltd. | Tilgin AB; Product web page: http://www.hyperoptic.com, http://www.tilgin.com; Affected version: HG2330, HG2302 and HG2301; Summary: Tilgin's HG23xx family of products offers a flexible and high capacity...
Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)
An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Drale DBTableViewer 100123 - Blind SQL Injection
Drale DBTableViewer v100123 - Blind SQL Injection; Exploit Title: drale DBTableViewer - SQL Injection (Blind/Error Base); Date: 2016-06-08; Exploit Author: HaHwul; Exploit Author Blog: www.hahwul.com; Vendor Homepage: http://drale.com/; Software Link:...
Centreon 'POST' Parameter Multiple Vulnerabilities
Centreon is prone to multiple vulnerabilities.
CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications; Credits: hyp3rlinx; ISR: apparitionsec; Vendor: sourceforge.net smsid; download linx: sourceforge.net/projects/ajax-explorer/files/; Product: AjaxExplorer v1.10.3.2; Manage server files through simple windows...
squid security update
CentOS Errata and Security Advisory CESA-2016:1138. An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
ManageEngine Firewall Analyzer runQuery guest user SQL Injection
An SQL injection vulnerability exists in ManageEngine Firewall Analyzer. This vulnerability is due to the use of hardcoded credentials and insufficient validation of request parameters in HTTP requests to the runQuery servlet. By sending crafted requests to an affected server, a remote attacker c...
SolarWinds SRM Profiler SQL Injection (CVE-2016-4350)
An SQL injection vulnerability has been reported in SolarWinds Storage Manager Resource Monitor, Profiler Module. This vulnerability is due to insufficient validation in several parameters when processing HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending ...
Cisco Web Security Appliance Multiple DoS Vulnerabilities
According to its self-reported version, the Cisco Web Security Appliance (WSA) running on the remote host is affected by the following vulnerabilities: a denial of service vulnerability exists in Cisco AsyncOS due to improper validation of packets when parsing HTTP POST requests. An...
CVE-2016-1382
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529...
Design/Logic Flaw
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529...
IBM Connections File Upload Vulnerability
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A file upload...
Trend Micro Antivirus Password Manager Code Injection
A code injection vulnerability exists in the Trend Micro Password Manager. The vulnerability is due to the Node.js server incorrectly validating HTTP requests to the "/api/showSB" URI. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page...