FluxBB 1.5.3 - Multiple Vulnerabilities
FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting,...
FluxBB 1.5.3 - Multiple Vulnerabilities
FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting, cross-site request forgery and URL...
Mandriva Linux Security Advisory : squid (MDVSA-2013:199)
Multiple vulnerabilities have been discovered and corrected in squid: Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger...
Windu CMS 2.2 Cross Site Request Forgery Vulnerability
Windu CMS version 2.2 suffers from a cross site request forgery vulnerability. Windu CMS 2.2 CSRF Add Admin Exploit form method="POST" action="http://localhost/winducms/a...
Cisco Unified MeetingPlace Web Conferencing Authorization Bypass Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace Web Conferencing Server could allow an unauthenticated, remote attacker to bypass certain access-control settings which may lead to the disclosure of information due to the attacker accessing restricted pages. The vulnerability is...
Updated squid packages fix security vulnerabilities
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
MGASA-2013-0228 Updated squid packages fix security vulnerabilities
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
Updated squid packages fix security vulnerability
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
FreeBSD : squid -- denial of service (30a04ab4-ed7b-11e2-8643-8c705af55518)
Squid project reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service...
Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...
squid -- denial of service
Squid project reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service...
CVE-2013-4685
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 8491...
Buffer overflow
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 8491...
CVE-2013-4685
Juniper Junos OS contains a buffer overflow in flowd when processing HTTP messages (CVE-2013-4685). Affected are SRX devices with Captive Portal and UAC enforcer role across listed revisions: 10.4 before 10.4S14; 11.4 before 11.4R7; 12.1 before 12.1R6; and 12.1X44 before 12.1X44-D15. The vulnerab...
CVE-2013-4685
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 8491...
Zoom X4/X5 ADSL Modem and Router - Unauthenticated Remote Root Command Execution
Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...
activemq: Unauthenticated access to web console
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests...
CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...
CVE-2013-0235
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...
CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...