Lucene search

5900 matches found

Check Point Advisories
added 2014/12/17 12:0 a.m., 2 views

ManageEngine NetFlow Analyzer And IT360 DisplayChartPDF Directory Traversal (CVE-2014-5446)

A directory traversal vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the filename parameter sent to the DisplayChartPDF servlet in HTTP requests. A remote unauthenticated attacker can downloa...

CVSS 5, AI score 3, EPSS 0.65741
Exploits 8
securityvulns
added 2014/12/01 12:0 a.m., 59 views

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests

Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be induced to make http requests CVE-2014-3629 CVS: 3 Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30, where xml exchange module is loaded Descriptio...

CVSS 4.3, AI score 6.4, EPSS 0.01744
Exploits 0
OSV
added 2014/11/26 5:29 p.m., 11 views

MGASA-2014-0493 Updated wordpress package fixes security vulnerabilities

XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...

CVSS 6.8, AI score 5.7, EPSS 0.8017
Exploits 8, References 4
Packet Storm
added 2014/11/19 12:0 a.m., 30 views

Snowfox CMS 1.0 Cross Site Request Forgery

input type="hidden" name="userGroups...

AI score 0.4
Exploits 0
UbuntuCve
added 2014/11/16 12:59 a.m., 25 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

CVSS 6.4, AI score 7.2, EPSS 0.02971
Exploits 0, References 2
NVD
added 2014/11/16 12:59 a.m., 20 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

CVSS 6.4, AI score 9.5, EPSS 0.02971
Exploits 0, References 6
Cvelist
added 2014/11/16 12:0 a.m., 32 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

AI score 9.5, EPSS 0.02971
Exploits 0, References 6
Check Point Advisories
added 2014/11/12 12:0 a.m., 4 views

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by mod_proxy_ajp when used with mod_proxy_balancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP...

CVSS 4.3, AI score 1.6, EPSS 0.34026
Exploits 3
NVD
added 2014/11/10 11:55 a.m., 13 views

CVE-2014-8652

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

CVSS 5, AI score 6.6, EPSS 0.13779
Exploits 4, References 2
Prion
added 2014/11/10 11:55 a.m., 8 views

Code injection

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

CVSS 5, AI score 7.1, EPSS 0.13779
Exploits 4, References 2, Affected Software 1
Cvelist
added 2014/11/10 11:0 a.m., 18 views

CVE-2014-8652

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

AI score 6.6, EPSS 0.13779
Exploits 4, References 2
CVE
added 2014/11/10 11:0 a.m., 36 views

CVE-2014-8652

Elipse E3 3.x and earlier is affected by CVE-2014-8652. The issue allows remote attackers to cause a denial of service (application crash and plant outage) by sending a rapid series of HTTP requests to index.html on TCP port 1681. The Exploit/Malware entries corroborate a Windows-based PoC/DoS te...

CVSS 5, AI score 6.8, EPSS 0.13779
Exploits 4, References 2, Affected Software 1
NVD
added 2014/11/07 11:55 a.m., 14 views

CVE-2014-2177

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126...

CVSS 9, AI score 7.2, EPSS 0.00529
Exploits 0, References 6
NVD
added 2014/11/04 8:55 p.m., 17 views

CVE-2014-8474

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference...

CVSS 7.5, AI score 6.9, EPSS 0.00831
Exploits 0, References 4
Prion
added 2014/11/04 8:55 p.m., 12 views

Xxe

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference...

CVSS 7.5, AI score 7.4, EPSS 0.00831
Exploits 0, References 4, Affected Software 1
Cvelist
added 2014/11/04 8:0 p.m., 17 views

CVE-2014-8474

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference...

AI score 6.9, EPSS 0.00831
Exploits 0, References 4
ThreatPost
added 2014/10/23 4:23 p.m., 24 views

NAT-PMP Security Vulnerability Affects 1.2M Routers

Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...

AI score 0.1
Exploits 0, References 2
Check Point Advisories
added 2014/10/23 12:0 a.m., 6 views

Hastymail2 call_user_func_array() Command Injection (CVE-2011-4542)

A command injection vulnerability exists in Hastymail 2.1.1. The vulnerability is due to improper sanitization of special elements used in a request to the server. Remote attacker can exploit this vulnerability by sending malicious HTTP requests to the target server...

CVSS 7.5, AI score 2.1, EPSS 0.73358
Exploits 9
Check Point Advisories
added 2014/10/20 12:0 a.m., 4 views

ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...

CVSS 6.4, AI score 3.1, EPSS 0.36457
Exploits 6
Debian
added 2014/10/14 9:47 a.m., 28 views

[SECURITY] [DLA 58-2] apt regression fix

Package: apt. Version: 0.8.10.3+squeeze6. CVE ID: CVE-2014-6273. This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported [1] the regression and to Michael Vogt for having uploaded ...

CVSS 6.8, AI score 7.3, EPSS 0.00681
Exploits 0