5900 matches found
CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...
Default credentials
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account...
CVE-2011-4509
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account...
CodeMeter < 4.30.498.504 Virtual Directory Traversal Arbitrary File Access
According to its self-reported version, the CodeMeter WebAdmin server running on the remote host is prior to 4.30d (4.30.498.504). It is, therefore, affected by a directory traversal vulnerability due to a failure to properly sanitize HTTP requests for files in virtual directories. An...
Multiple vulnerabilities in 11in1
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in 11in1, which can be exploited to perform Local File Inclusion and Cross-Site Request Forgery (CSRF) attacks. 1) Local File Inclusion in 11in1: CVE-2012-0996. Input passed via the "class" GET parameter to index.php an...
Splunk Search Jobs Remote Code Execution
Added: 01/13/2012. CVE: CVE-2011-4642. BID: 51061. OSVDB: 77695. Background: Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem: Splunk allows users to perform search actions...
Fedora 16 : ruby-1.8.7.357-1.fc16 (2011-17542)
A security flaw was found in the previous ruby: with a series of strings specially crafted to intentionally collide their hash values with each other, Rails applications may fall into denial of service when such strings are used in HTTP requests (CVE-2011-4815). This new ruby will...
CSRF (Cross-Site Request Forgery) in DClassifieds
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in DClassifieds, which can be exploited to perform Cross-Site Request Forgery (CSRF) attacks. 1) Cross-site request forgery (CSRF) in DClassifieds: CVE-2012-0990. The application allows authorized users to perform certain actions vi...
CVE-2009-5110
dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...
CVE-2009-5111
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...
CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15...
Design/Logic Flaw
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...
CVE-2009-5111
Affected product: GoAhead WebServer. Vulnerability arises from handling of partial HTTP requests, enabling remote attackers to cause a denial of service (daemon outage) as demonstrated by Slowloris. Exploitation details and practical impact are stated; no patch/version or remediation is provided ...
CVE-2011-5009
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method...
Null pointer dereference
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method...
Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow (CVE-2011-0334)
A remote code execution vulnerability has been reported in Novell GroupWise Internet Agent (GWIA). The vulnerability is due to insufficient bounds validation while parsing GET or POST Request-URIs from HTTP requests. A remote attacker could exploit this vulnerability by sending a specially crafted...