Design/Logic Flaw

Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service memory consumption and dropped connections via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests...

ymlp.com validated-email grabber from online newsletter company

Obtains email addresses from subscribers to mailinglists of clients of ymlp.com. This is 73 lines of proof-of-concept-Java 7 source code 1 file that does 10 http requests to ymlp.com to obtain one email-address. The emailaddress is printed to stdout along with logging information. This is repeate...

Amazon Linux AMI : httpd24 (ALAS-2013-194)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

Amazon Linux AMI : httpd (ALAS-2013-193)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

[CookieCatcher] Session Hijacking Tool

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities

Multiple vulnerabilities have been found in AVTECH AVN801 DVR and potentially other devices sharing the affected firmware that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrati...

DeWeS 0.4.2 - Directory Traversal Vulnerability

Exploit for windows platform in category web applications High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS Windows version, which can be exploited to read arbitrary files on vulnerable system. 1 Path...

Twilight CMS DeWeS Web Server <= 0.4.2 Directory Traversal Vulnerability - Active Check

Twilight CMS with DeWeS Web Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Xxe

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

CVE-2013-4701

The CVE-2013-4701 issue affects the PHP OpenID Library up to version 2.2.2 and earlier, where Auth/Yadis/XML.php processes XRDS data containing an external entity declaration. This XXE flaw enables a remote attacker to read arbitrary files, make HTTP requests to internal/intranet hosts, or trigge...

[The Burp SessionAuth] Extension for Detection of Possible Privilege escalation vulnerabilities

Normally a web application should identify a logged in user by data which is stored on the server side in some kind of session storage. However, in web application audits someone can often observe that internal user identifiers are transmitted in HTTP requests as parameters or cookies. Applicatio...

OpenNetAdmin 'ona.log' File Remote PHP Code Execution Vulnerability

OpenNetAdmin is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...

CVE-2013-2796

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...

Xxe

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...

CVE-2013-2796

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...

FluxBB 1.5.3 Multiple Remote Vulnerabilities

No description provided by source. !-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting,...

FluxBB 1.5.3 XSS / CSRF / URL Redirection

...

FluxBB 1.5.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications !-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-si...