HTTPNetworkSniffer - Http Sniffer Utility
HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent,...
CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
CVE-2013-3046
The CVE-2013-3046 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1) failing to send the HSTS Strict-Transport-Security header. The root cause is the absence of HSTS protection, which could allow MITM attackers to hijack sessions or obtain sensitive data...
CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
User Cake - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/67604/info User Cake is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected...
User Cake - Cross-Site Request Forgery
User Cake - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67604/info User Cake is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. An attacker can exploit this issue to perform unauthorized actions in the context of a...
Medium: tomcat6
Issue Overview: It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker...
CA Erwin Web Portal Multiple Directory Traversal Vulnerabilities (CVE-2014-2210)
Multiple directory traversal vulnerabilities have been reported in CA ERwin Web Portal. The vulnerabilities are due to lack of authentication and insufficient input validation in the FileAccessServiceProvider and ProfileIconServlet servlets when processing HTTP requests. By sending crafted HTTP...
TOA - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/67291/info TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application...
TOA - Cross-Site Request Forgery
TOA - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67291/info TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the...
Synology DiskStation Manager SLICEUPLOAD Code Execution (CVE-2013-6955)
An arbitrary file upload vulnerability exists in Synology DiskStation Manager. The vulnerability exists in webman/imageSelector.cgi. A remote unauthenticated attacker can append data to files by sending specially crafted HTTP requests to the server and execute arbitrary code through that...
tomcat6 security update
CentOS Errata and Security Advisory CESA-2014:0429 Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: tomcat6 security update
Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Sixnet Sixview 2.4.1 - Web Console Directory Traversal
Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview web console Linux based appliance CVE : 2014-2976 PoV,...
Design/Logic Flaw
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80...
CVE-2014-2733
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80...
CVE-2014-2286
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an...
OTRS Help Desk Multiple Vulnerabilities
OTRS Help Desk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...
MediaWiki < 1.19.14 / 1.21.8 / 1.22.5 ChangePassword XSRF
According to its version number, the instance of MediaWiki running on the remote host is affected by a cross-site request forgery vulnerability. A flaw exists with Special:ChangePassword within the includes/specials/SpecialChangePassword.php script where HTTP requests do not require explicit...