Jetty HttpParser Error Remote Memory Disclosure
The remote instance of Jetty is affected by a remote memory disclosure vulnerability in the HttpParser module due to incorrect handling of illegal characters in header values. When an illegal character is encountered in an HTTP request, Jetty writes a response in a shared buffer that was used in ...
Amazon Fire TV YouTube Remote Control
This module acts as a simple remote control for the Amazon Fire TV's YouTube app. Tested on the Amazon Fire TV Stick.
Cisco Adaptive Security Appliance WebVPN Embedded Web Server Denial of Service Vulnerability
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to force the ASA to stop accepting new SSL connections. The vulnerability is due to a memory leak in the WebVPN embedded web server. An attacker could exploit this...
CVE-2015-0619
Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458...
Command injection
The web framework on Cisco Unified IP 9900 phones with firmware 9.4.1 and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424...
Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to upload arbitrary files to the phone. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafte...
CVE-2014-8839
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL...
Ubuntu: Security Advisory (USN-2474-1)
The remote host is missing an update for the ...
Design/Logic Flaw
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests...
CVE-2014-8478
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests...
Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
Apache Traffic Server is prone to a remote denial of service (DoS) vulnerability.
ManageEngine Multiple Products File Attachment Directory Traversal (CVE-2014-5301)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. The vulnerability is due to insufficient input validation of the "module" parameter sent in HTTP requests to the server. A remote authenticated attacker can upload or delete...
Ubuntu 14.04 LTS : curl vulnerability (USN-2474-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2474-1 advisory. Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially...
ManageEngine Multiple Products WsDiscoveryServlet Directory Traversal (CVE-2014-5302)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated...
CVE-2014-8027
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...
Design/Logic Flaw
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...
CVE-2014-8027
CVE-2014-8027 affects Cisco Secure Access Control System (ACS) RBAC, where improper privilege validation allows an authenticated, remote attacker to perform Create/Read/Update/Delete on Network Identity Groups via crafted HTTP requests, escalating to Network Device Administrator privileges. The i...
Wifiphisher Wi-Fi Hacking Tool Automates Wi-Fi Phishing
A new Wi-Fi attack tool has been made available on GitHub that automates phishing attacks over WPA networks, putting credentials and other supposedly secret data at risk. The tool, called wifiphisher, jams Wi-Fi access points with deauthentication packets and then mimics the target access point...
ManageEngine NetFlow Analyzer And IT360 Multiple servlets Arbitrary File Download (CVE-2014-5445)
An arbitrary file download vulnerability exists in ManageEngine NetFlow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the schFilePath parameter sent to servlets in HTTP requests. A remote unauthenticated attacker can download arbitrary...