58 matches found
CVE-2018-2944
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Monitoring and Diagnostics. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwar...
CVE-2018-2729
Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications subcomponent: User Interface. Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2017-10058
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware subcomponent: Analytics Web Administration. Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows high privileged attacker...
CVE-2016-8300
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications subcomponent: Product / Instrument Search. Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Difficult to exploit vulnerability allows low privileged attacker with network acce...
ALPINE-CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
Nextcloud: Slow Http attack on nextcloud(DOS)
@drosera has reported a slow HTTP attack on nextcloud.com leading to DoS. We've meanwhile mitigated the issue. On request of the reporter, this issue is only disclosed limitedly...
Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
A vulnerability in HTTP attack detection within decrypted SSL traffic of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to bypass HTTP attack detection. The traffic is SSL and the application is configured to decrypt the SSL connection and detect HTTP-based...
CVE-2015-6427
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437...
CVE-2015-6427
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437...
Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
A vulnerability in HTTP attack detection within decrypted SSL traffic of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to bypass HTTP attack detection. The traffic is SSL and the application is configured to decrypt the SSL connection and detect HTTP-based...
Discuz! 多个版本HTTP host头攻击漏洞
简要描述: 怎么没人提交此类漏洞?那就让我先来吧! 详细说明: http://drops.wooyun.org/papers/1383 首先向James Kettle致敬 下面以Discuz! X3.2为例,作个演示 漏洞证明: 以http://bbs.locojoy.com/为例, 1.易得其ip为 115.29.162.113 2.向hosts添加条目 115.29.162.113 www.evil.com 3.访问http://www.evil.com 找回密码,输入攻击目标的email,提交 4.受害人收到email...
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service Exploit
No description provided by source. !usr/bin/perl -w Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0478 http://www.securityfocus.com/bid/33604/discuss $$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$ $$$$$Author will not bare any...
More Sophisticated DDoS Attack a New Threat to Apache Servers
A once flawed DDoS attack targeting the world’s most widely used Web servers has improved its cryptography and attack capabilities to become a more serious threat. MP-DDoser, also known as “IP-Killer,” uses a relatively new low-bandwidth, “asymmetrical” HTTP attack to inflict a denial-of-service...
Squid Denial Of Service
!usr/bin/perl -w Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0478 http://www.securityfocus.com/bid/33604/discuss $$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$ $$$$$Author will not bare any responsibility for any damages...
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Advisory ID: cisco-sa-20060126-vpn http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml Revision 2.0 Last Updated 26 April 2006 1600 UTC GMT For Public...
Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
With respect to: http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0036.html I'm the person who discovered this particular Cisco VPN vulnerability and divulged some details at the end of my talk at Shmoocon - not "Schmoocon" as the original advisory spells it. The exploit involves sending ...
[Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Advisory ID: cisco-sa-20060126-vpn http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml Revision 1.0 For Public Release 2006 January 26 1700 UTC GMT...
CVE-2001-0669
Various Intrusion Detection Systems IDS including 1 Cisco Secure Intrusion Detection System, 2 Cisco Catalyst 6000 Intrusion Detection System Module, 3 Dragon Sensor 4.x, 4 Snort before 1.8.1, 5 ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and 6 ISS RealSecure Server Sensor 5.5 and 6...