Lucene search

5900 matches found

Fedora
added 2012/12/13 5:55 a.m., 28 views

[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS: 5, AI score: 0.1, EPSS: 0.0172
Exploits: 0
Fedora
added 2012/12/12 12:28 a.m., 20 views

[SECURITY] Fedora 18 Update: perl-CGI-3.59-235.fc18

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS: 5, AI score: 0.1, EPSS: 0.0172
Exploits: 0
NVD
added 2012/11/30 7:55 p.m., 15 views

CVE-2012-5568

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris...

CVSS: 5, AI score: 7.2, EPSS: 0.1383
Exploits: 2, References: 10
Prion
added 2012/11/30 7:55 p.m., 10 views

Design/Logic Flaw

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris...

CVSS: 5, AI score: 6.8, EPSS: 0.1383
Exploits: 2, References: 10, Affected Software: 2
UbuntuCve
added 2012/11/30 7:55 p.m., 15 views

CVE-2012-5568

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris...

CVSS: 5, AI score: 6.5, EPSS: 0.1383
Exploits: 2, References: 2
CVE
added 2012/11/30 7:00 p.m., 746 views

CVE-2012-5568

CVE-2012-5568 affects Apache Tomcat 7.0.x and enables a remote-denial-of-service via Slowloris-style partial HTTP requests. The vulnerability allows an attacker to keep connections open and exhaust resources, with a CVSS v2 base score of 5.0 in the initial metric (note: other sources list base sc...

CVSS: 5, AI score: 6.2, EPSS: 0.1383
Exploits: 2, References: 10, Affected Software: 1
Debian CVE
added 2012/11/30 7:00 p.m., 22 views

CVE-2012-5568

Removed by vendor...

CVSS: 5, AI score: 5.5, EPSS: 0.1383
Exploits: 2
Fedora
added 2012/11/28 11:36 a.m., 31 views

[SECURITY] Fedora 17 Update: perl-CGI-3.51-7.fc17

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS: 5, AI score: 0.1, EPSS: 0.0172
Exploits: 0
Fedora
added 2012/11/23 7:54 a.m., 36 views

[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS: 5, AI score: 0.1, EPSS: 0.0172
Exploits: 0
Kitploit
added 2012/11/04 6:50 p.m., 170 views

[Cookie Cadger] v.0.9

An auditing tool for Wi-Fi or wired Ethernet connections Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which i...

AI score: 7
Exploits: 0
Kitploit
added 2012/11/04 2:00 a.m., 15 views

[Burp Suite] Free Edition v1.5

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain. Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking ...

AI score: 7.3
Exploits: 0
Metasploit
added 2012/10/29 5:25 p.m., 9 views

ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal

This module exploits a directory traversal vulnerability found in ManageEngine DeviceExpert's ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\.." in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in...

AI score: 6.9
Exploits: 0
htbridge
added 2012/10/15 12:00 a.m., 29 views

TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities

High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash remote server with malicious HTTP requests. 1 Improper Handling of Length Parameter Inconsistency in TVMOBiLi: CVE-2012-5451 1.1 The vulnerability exists...

CVSS: 5, AI score: 0.2, EPSS: 0.09887
Exploits: 4, Affected Software: 1
The Hacker News
added 2012/09/30 7:29 p.m., 14 views

Beacon : A new advance payload for Cobalt Strike

Raphael Mudge Creator of Cobalt Strike announced Another Advance Payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new...

AI score: 7.4
Exploits: 0
erpscan
added 2012/09/25 12:00 a.m., 20 views

SAP NetWeaver J2EE Engine - Partial HTTP requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...

AI score: 0.5
Exploits: 0
erpscan
added 2012/09/25 12:00 a.m., 137 views

SAP NetWeaver Management Console (gSOAP) - Partial HTTP requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...

AI score: 1.1
Exploits: 0
Patchstack
added 2012/09/22 12:00 a.m., 15 views

WordPress Sexy Add Template Plugin - Cross Site Request Forgery

Sexy Add Template plugin is prone to a cross-site request forgery vulnerability because the application fails to properly validate HTTP requests. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's...

AI score: 1.2
Exploits: 0, References: 1, Affected Software: 1
Exploit DB
added 2012/09/22 12:00 a.m., 18 views

WordPress Core 3.4.2 - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/55660/info WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user...

AI score: 7.4
Exploits: 0
exploitpack
added 2012/09/22 12:00 a.m., 9 views

WordPress 3.4.2 - Cross-Site Request Forgery

WordPress 3.4.2 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/55660/info WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain...

AI score: 0.4
Exploits: 0
Exploit DB
added 2012/09/22 12:00 a.m., 40 views

WordPress Plugin Sexy Add Template - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/55666/info The Sexy Add Template plugin for WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in...

AI score: 7.4
Exploits: 0