
5900 matches found

Check Point Advisories
added 2014/04/02 12:0 a.m., 3 views

EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)

An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...

CVSS 5, AI score 6, EPSS 0.00435
Exploits: 1
RedHat Linux
added 2014/03/31 4:47 p.m., 35 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.2 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...

CVSS 5.8, AI score 6.6, EPSS 0.27776
Exploits: 2, References: 19
Check Point Advisories
added 2014/03/30 12:0 a.m., 0 views

HULK Denial of Service Tool

Hulk is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

AI score 6.9
Exploits: 0
Check Point Advisories
added 2014/03/30 12:0 a.m., 1 view

Anonymous DoSer Denial of Service Tool

Anonymous DoSer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

AI score 1.9
Exploits: 0
NVD
added 2014/03/27 9:55 p.m., 16 views

CVE-2014-2112

The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357...

CVSS 7.8, AI score 9, EPSS 0.00512
Exploits: 1, References: 2
Prion
added 2014/03/27 9:55 p.m., 21 views

Code injection

The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357...

CVSS 7.8, AI score 7, EPSS 0.00512
Exploits: 1, References: 2, Affected Software: 1
Check Point Advisories
added 2014/03/27 12:0 a.m., 0 views

GoldenEye Denial of Service Tool

GoldenEye is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

AI score 6.9
Exploits: 0
Cisco
added 2014/03/26 4:0 p.m., 30 views

Cisco IOS Software SSL VPN Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacke...

CVSS 7.8, AI score 6.7, EPSS 0.00512
Exploits: 1, References: 1
OpenVAS
added 2014/03/24 12:0 a.m., 18 views

innoEDIT 6.2 RCE Vulnerability - Active Check

innoEDIT is prone to a remote code execution (RCE) vulnerability.

AI score 6.5
Exploits: 0, References: 1
Check Point Advisories
added 2014/03/20 12:0 a.m., 0 views

WordPress Pingback Distributed Denial of Service

The XMLRPC Pingback function in WordPress can be used to force WordPress servers into sending HTTP requests to other servers. Remote attackers can leverage this function to conduct DDoS attacks by sending specially crafted HTTP requests to legitimate WordPress servers...

AI score 6.9
Exploits: 0
Mageia
added 2014/03/19 5:28 p.m., 46 views

Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323). Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either mod_evhost or mod_simple_vhost are in use, due to insufficient...

CVSS 9.8, AI score 10.1, EPSS 0.91037
Exploits: 4, References: 3
exploitpack
added 2014/03/17 12:0 a.m., 11 views

osCMax 2.5 - Cross-Site Request Forgery

osCMax 2.5 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions...

AI score 0.5
Exploits: 0
Exploit DB
added 2014/03/17 12:0 a.m., 16 views

osCMax 2.5 - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks...

AI score 7.4
Exploits: 0
Check Point Advisories
added 2014/03/13 12:0 a.m., 2 views

Cisco Prime Data Center Network Manager DownloadServlet Information Disclosure (CVE-2013-5487)

An information disclosure vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in DownloadServlet when processing HTTP requests. A remote unauthenticated attacker can download arbitrary files from...

AI score 1.6, EPSS 0.00377
Exploits: 0
Check Point Advisories
added 2014/03/11 12:0 a.m., 3 views

Symantec Endpoint Protection Manager XML External Entity Denial Of Service (CVE-2013-5014)

An XML external entity (XXE) vulnerability exists in Symantec Endpoint Protection Manager (SEPM). This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially...

CVSS 7.5, AI score 1.3, EPSS 0.86196
Exploits: 13
securityvulns
added 2014/03/02 12:0 a.m., 47 views

SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server

SEC Consult Vulnerability Lab Security Advisory 20140228-1. title: Authentication bypass (SSRF) and local file disclosure; product: Plex Media Server; vulnerable version: =0.9.9.2.374-aa23a69; fixed version: =0.9.9.3; impact: Critic...

AI score 1.4
Exploits: 0
Prion
added 2014/02/24 4:48 a.m., 19 views

Design/Logic Flaw

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information vi...

CVSS 6.4, AI score 5.6, EPSS 0.00272
Exploits: 1, References: 5, Affected Software: 1
Zero Science Lab
added 2014/02/20 12:0 a.m., 71 views

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Summary: This is a lightweight CRM which simplifies the process of managing staff, clients and projects. Description: Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without...

AI score 6.1
Exploits: 0
OpenVAS
added 2014/02/18 12:0 a.m., 19 views

NetGear DGN2200 N300 Wireless Router Multiple Vulnerabilities

This host has NetGear DGN2200 N300 Wireless Router and is prone to multiple vulnerabilities.

AI score 7.3
Exploits: 0, References: 3
CVE
added 2014/02/12 2:0 a.m., 80 views

CVE-2014-0253

CVE-2014-0253 affects multiple .NET Framework versions (1.1 SP1, 2.0 SP2, 3.5/3.5.1, 4, 4.5, 4.5.1). The issue is improper handling of TCP connection states, allowing a remote attacker to cause a denial of service by sending crafted HTTP requests that trigger persistent resource consumption, resu...

CVSS 5, AI score 6.6, EPSS 0.22422
Exploits: 1, References: 5, Affected Software: 1