5900 matches found

Fedora
added 2016/03/25 10:27 p.m., 8 views

[SECURITY] Fedora 22 Update: php-pecl-http-2.5.6-1.fc22

The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...

2.1 AI score
Exploits: 0
Exploit DB
added 2016/03/23 12:0 a.m., 98 views

Multiple CCTV-DVR Vendors - Remote Code Execution

!/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail Service Cpsecured CP PLUS Digital Eye'z no website...

7.4 AI score
Exploits: 0
Check Point Advisories
added 2016/03/21 12:0 a.m., 1 view

AnonStress Denial Of Service Tool

AnonStress is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

1.7 AI score
Exploits: 0
0day.today
added 2016/03/21 12:0 a.m., 24 views

Xoops 2.5.7.2 - Directory Traversal Bypass

Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type: =========================== Directory Traversal Bypass Vulnerability Details: ===================== Xoops 2.5.7.2 ha...

7.1 AI score
Exploits: 0
exploitpack
added 2016/03/21 12:0 a.m., 17 views

XOOPS 2.5.7.2 - Directory Traversal Bypass

XOOPS 2.5.7.2 - Directory Traversal Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type:...

Exploits: 0
Check Point Advisories
added 2016/03/17 12:0 a.m., 0 views

Apache Tomcat Web Manager Scanning Attempt

Remote attackers can send HTTP requests as a method of scanning for Apache Tomcat servers, in order to later exploit vulnerabilities in these servers to compromise the server's security...

2.2 AI score
Exploits: 0
Check Point Advisories
added 2016/03/17 12:0 a.m., 0 views

PHP Proxy Server Scanning Attempt

Remote attackers can send HTTP requests as a method of scanning for the existence of specific proxy servers with known vulnerabilities, in order to later exploit these vulnerabilities to compromise the server's security...

2.8 AI score
Exploits: 0
Nmap
added 2016/03/14 3:41 a.m., 2503 views

http-apache-server-status NSE Script

Attempts to retrieve the server-status page for Apache webservers that have mod_status enabled. If the server-status page exists and appears to be from mod_status the script will parse useful information such as the system uptime, Apache version and recent HTTP requests. References: Script Argument...

10 CVSS, 0.1 AI score, 0.94176 EPSS
Exploits: 33
Cisco
added 2016/03/09 4:0 p.m., 23 views

Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The...

7.8 CVSS, 7.5 AI score, 0.00315 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2016/03/03 12:0 a.m., 23 views

MyBB < 1.6.17 Multiple Vulnerabilities

Binary data 9123.prm...

7.3 AI score
Exploits: 0, References: 2
NVD
added 2016/02/25 1:59 a.m., 14 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

4.3 CVSS, 6.1 AI score, 0.01434 EPSS
Exploits: 0, References: 45
Cvelist
added 2016/02/25 1:0 a.m., 27 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

6.3 AI score, 0.01434 EPSS
Exploits: 0, References: 45
Debian CVE
added 2016/02/25 1:0 a.m., 42 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

4.3 CVSS, 7 AI score, 0.01434 EPSS
Exploits: 0
CVE
added 2016/02/25 1:0 a.m., 198 views

CVE-2016-0706

CVE-2016-0706 affects Apache Tomcat. Root cause: StatusManagerServlet not on RestrictedServlets.properties, enabling remote authenticated users to bypass SecurityManager and read arbitrary HTTP requests, potentially exposing session IDs. Affected versions include Tomcat 6.x before 6.0.45, 7.x bef...

4.3 CVSS, 6.3 AI score, 0.01434 EPSS
Exploits: 0, References: 45, Affected Software: 1
OpenVAS
added 2016/02/25 12:0 a.m., 56 views

Apache Tomcat Security Manager Bypass Vulnerability - 01 (Feb 2016) - Windows

Apache Tomcat is prone to a security manager bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

8.8 CVSS, 7.1 AI score, 0.07812 EPSS
Exploits: 0, References: 5
Hacker One
added 2016/02/11 10:23 a.m., 556 views

Imgur: SSRF and local file read in video to gif converter

Video to gif converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. It makes possible SSRF by uploading specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...

0.4 AI score
Exploits: 0
Exploit DB
added 2016/02/08 12:0 a.m., 24 views

dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt Vendor: ================== www.applicure.com Product: ===================== dotDefender Firewall Versions: 5.00.12865 / 5.13-13282 dotDefender is a Web application...

7.4 AI score
Exploits: 0
0day.today
added 2016/02/08 12:0 a.m., 30 views

dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery

Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ================== www.applicure.com Product: ===================== dotDefender Firewall Versions: 5.00.12865 / 5.13-13282 dotDefender is a Web application firewall (WAF) for preventing hacking attacks like XSS, SQL...

7.1 AI score
Exploits: 0
Check Point Advisories
added 2016/02/07 12:0 a.m., 1 view

Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)

A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...

4.3 CVSS, 0.8 AI score, 0.64812 EPSS
Exploits: 5
Cisco
added 2016/01/28 9:0 p.m., 24 views

Cisco Small Business 500 Series Switches Denial of Service Vulnerability

A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...

5.4 CVSS, 7.5 AI score, 0.00354 EPSS
Exploits: 0, References: 1