VulnCheck KEV: CVE-2014-0253
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or...
CVE-2014-1699
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999...
Code injection
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999...
CVE-2014-1699
CVE-2014-1699 affects Siemens SIMATIC WinCC OA before version 3.12 P002 January. The vulnerability resides in the integrated Web server on port 4999/TCP and stems from improper input validation, allowing remote attackers to trigger a denial of service (monitoring-service outage) by sending malfor...
CVE-2014-1664
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
Authentication flaw
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
[Netsparker v3.2] Web Application Security Scanner
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Executi...
CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
Xxe
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
Xxe
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
MGASA-2014-0007 Updated nodejs package fixes security vulnerabilities
A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...
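ProjectForge Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities
ProjectForge is a web-based project management solution that includes timesheets, expense management, project Gantt charts, and control and management of work breakdown structures. (1) Certain unspecified input is not properly sanitized before being used in JSON autocomplete responses; an attacker can exploit this to inject arbitrary HTML and script code in the context of a user's browser session when the user views the malicious data. (2) The application allows users to perform certain actions via HTTP requests without proper validity checks; when a logged-in user visits a specially crafted web page, an attacker can perform certain unspecified actions. ProjectForge 5.x. ProjectForge 5.3 fixes this vulnerability; users are advised to download and use it: http://www.projectforge.org/...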
JForum adminUsers Module - Cross-Site Request Forgery
JForum adminUsers Module - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/64540/info JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform...
JForum 'adminUsers' Module - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/64540/info JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the...