
5900 matches found

Check Point Advisories
added 2016/05/02 12:0 a.m., 2 views

Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...

5 CVSS, 2.2 AI score, 0.18296 EPSS
Exploits 0
Check Point Advisories
added 2016/05/01 12:0 a.m., 3 views

Oracle ATS DownloadServlet TMAPReportImage Directory Traversal (CVE-2016-0480)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter TMAPReportImage. A remote unauthenticated attacker can exploit this vulnerability by...

5 CVSS, 1.9 AI score, 0.02378 EPSS
Exploits 0
Check Point Advisories
added 2016/05/01 12:0 a.m., 3 views

Oracle ATS DownloadServlet scheduleReportName Directory Traversal (CVE-2016-0481)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scheduleReportName. A remote unauthenticated attacker can exploit this vulnerability...

5 CVSS, 1.5 AI score, 0.02378 EPSS
Exploits 0
Check Point Advisories
added 2016/04/26 12:0 a.m., 5 views

Oracle Application Testing Suite DownloadServlet scenario Directory Traversal (CVE-2016-0477)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious...

5 CVSS, 1.7 AI score, 0.02771 EPSS
Exploits 0
CNVD
added 2016/04/21 12:0 a.m., 1 views

Cisco Wireless LAN Controller Denial of Service Vulnerability (CNVD-2016-02517)

The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability in the Bonjour Task Manager for Cisco Wireless LAN Controller (WLC) Software allows remote attackers ...

7.8 CVSS, 7 AI score, 0.00527 EPSS
Exploits 0, References 1
BDU FSTEC
added 2016/04/20 12:0 a.m., 4 views

The vulnerability of the Cisco Evolved Programmable Network Manager and the Cisco Prime Infrastructure network lifecycle management software allows attackers to circumvent existing RBAC restrictions and increase their privileges.

The vulnerability of the Cisco Evolved Programmable Network Manager and the Cisco Prime Infrastructure network lifecycle management software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing RBAC restrictions and increase their...

5.5 CVSS, 7.5 AI score, 0.00165 EPSS
Exploits 0, References 2, Affected Software 1
n0where
added 2016/04/19 8:40 p.m., 42 views

Gateway Edge Service: Zuul

Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more. Zuul is the front door for all requests from devices and web sites to the backend of the Netflix streaming application. As an edge service application, Zuul is built to enable dynamic routing,...

7.9 AI score
Exploits 0, References 2
exploitpack
added 2016/04/11 12:0 a.m., 40 views

Hikvision Digital Video Recorder - Cross-Site Request Forgery


0.7 AI score
Exploits 0
Exploit DB
added 2016/04/11 12:0 a.m., 60 views

Hikvision Digital Video Recorder - Cross-Site Request Forgery


7.4 AI score
Exploits 0
Zero Science Lab
added 2016/04/08 12:0 a.m., 166 views

Hikvision Digital Video Recorder Cross-Site Request Forgery

Summary: Hikvision is the global leader of video surveillance products and solutions, manufactures a wide range of top-quality, reliable, and professional solutions. Description: The application interface allows users to perform certain actions via HTTP requests without performing any validity chec...

5.8 AI score
Exploits 0
NVD
added 2016/04/06 11:59 p.m., 22 views

CVE-2015-6313

Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed...

7.8 CVSS, 7.6 AI score, 0.00326 EPSS
Exploits 0, References 2
Prion
added 2016/04/06 11:59 p.m., 17 views

Code injection

Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed...

7.8 CVSS, 7.4 AI score, 0.00326 EPSS
Exploits 0, References 2, Affected Software 3
Cvelist
added 2016/04/06 11:0 p.m., 29 views

CVE-2015-6313

Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed...

7.6 AI score, 0.00326 EPSS
Exploits 0, References 2
BDU FSTEC
added 2016/04/06 12:0 a.m., 3 views

The vulnerability of the server operating system OS X Server, which allows a perpetrator to obtain confidential configuration information

The vulnerability of the Web Server component in the OS X Server operating system arises from an improper restriction on access to the .DS_Store and .htaccess files. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential configuration information through...

5 CVSS, 6.3 AI score, 0.00283 EPSS
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2016/04/01 12:0 a.m., 35 views

Amazon Linux AMI : tomcat6 (ALAS-2016-681)

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...

8.8 CVSS, 7.1 AI score, 0.4988 EPSS
Exploits 0, References 5
Exploit DB
added 2016/03/31 12:0 a.m., 77 views

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Add admin user Testingus: ---...

7.4 AI score
Exploits 0
0day.today
added 2016/03/31 12:0 a.m., 49 views

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Exploit for hardware platform in category web applications. MOBOTIX Video Security Cameras CSRF Add Admin Exploit. Vendor: MOBOTIX AG. Product web page: https://www.mobotix.com. Affected version: Model: D22M-Secure, HW: T2r1.1.AA, 520 MHz, 128 MByte RAM, SW: MX-V3.5.2.23.r3; Model: Q24M-Secure, HW...

7.1 AI score
Exploits 0
Zero Science Lab
added 2016/03/30 12:0 a.m., 774 views

MOBOTIX Video Security Cameras CSRF Add Admin Exploit

Summary: MOBOTIX is a German System Manufacturer of Professional Video Management (VMS) and Smart IP Cameras. These cameras support all standard features of MOBOTIX IP cameras like automatic object detection, messaging via network and onboard or network recording. The dual lens thermal system suppor...

5.8 AI score
Exploits 0
Packet Storm
added 2016/03/30 12:0 a.m., 61 views

MOBOTIX Video Security Cameras Cross Site Request Forgery

Add admin user Testingus: ------------------------- fo...

Exploits 0
Amazon
added 2016/03/29 12:0 a.m., 68 views

Medium: tomcat7

Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...

8.8 CVSS, 7.9 AI score, 0.4988 EPSS
Exploits 0