
231 matches found

CNVD
added 2017/02/09 12:0 a.m. · 2 views

TP-Link C2 and C20i Command Injection Vulnerability

TP-Link is a Chinese manufacturer of network equipment such as routers and IoT devices. A command injection vulnerability exists in the HTTP management interface of the TP-Link C2 and C20i. An attacker can exploit this vulnerability to inject arbitrary shell commands and gain root privileges...

8 AI score
Exploits: 0 · References: 1
OSV
added 2016/11/19 3:3 a.m. · 1 view

CVE-2016-6461

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.16.10. Known Fixed Releases:...

5.9 CVSS · 5.9 AI score · 0.00635 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2016/11/16 12:0 a.m. · 2 views

PT-2016-6933 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA version 9.16.10 Description: A vulnerability in the HTTP web-based management interface could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system...

5.9 CVSS · 5.9 AI score · 0.00635 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2016/07/20 12:0 a.m. · 282 views

Sonatype Nexus Repository Manager Java Object Deserialization RCE

The Sonatype Nexus Repository Manager server application running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit...

6.9 AI score
Exploits: 0 · References: 2
Tenable Nessus
added 2016/06/06 12:0 a.m. · 35 views

Red Hat JBoss Operations Network Java Object Deserialization RCE

The remote Red Hat JBoss Operations Network server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Jython library. An unauthenticated, remote attacker can exploit this, by sending specially crafted Java objects to the HTT...

9.8 CVSS · 8.9 AI score · 0.00609 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2016/04/22 12:0 a.m. · 13 views

VLC Media Player < 2.2.2 Multiple Vulnerabilities

9.6 CVSS · 7.3 AI score · 0.19558 EPSS
Exploits: 1 · References: 9
ThreatPost
added 2016/01/21 12:30 p.m. · 11 views

Apple Fixed Cookie Theft Bug in iOS 9.2.1

When Apple pushed out iOS 9.2.1 earlier this week, it fixed a nasty bug that lingered in the wild for nearly three years and could have let an attacker steal cookies and impersonate victims. The problem stems from the little windows that pop up when you connect to a public WiFi network according ...

6.7 AI score
Exploits: 0 · References: 4
Exploit DB
added 2015/11/16 12:0 a.m. · 35 views

VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting

Andrea Sindoni - @invictus1306 XSS vulnerability via metadata 1. Introduction Affected Product: VLC 2.2.1 / WEB INTERFACE Vulnerability Type: XSS 2. Vulnerability Description XSS vulnerability via metadata title 3. Proof of Concept 3.1 Launch: vlc.exe --http-host=127.0.0.1 --http-port=8080...

7.4 AI score
Exploits: 0
NVD
added 2015/08/30 2:59 p.m. · 9 views

CVE-2015-4555

Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified...

7.5 CVSS · 8.4 AI score · 0.01076 EPSS
Exploits: 0 · References: 3
0day.today
added 2015/07/17 12:0 a.m. · 48 views

4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities. Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...

6.9 AI score
Exploits: 0
OPENSUSE Linux
added 2015/06/22 12:4 p.m. · 31 views

Security update for xen (important)

Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests XSA-129...

7.8 CVSS · 0.6 AI score · 0.19325 EPSS
Exploits: 1 · References: 27
Tenable Nessus
added 2015/05/20 12:0 a.m. · 46 views

SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed : - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. -...

7.8 CVSS · 6.7 AI score · 0.01499 EPSS
Exploits: 0 · References: 32
seebug.org
added 2014/07/01 12:0 a.m. · 12 views

Cayman 3220-H DSL Router 1.0/GatorSurf 5.3 DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1219/info Large usernames or passwords sent to the router's HTTP interface restart the router. Router log will show restart not in response to admin command Open the router interface with your browser. Username:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 45 views

Majordomo2 - Directory Traversal (SMTP/HTTP)

No description provided by source. Original Advisory: https://sitewat.ch/en/Advisory/View/1 Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Google...

5 CVSS · 9.5 AI score · 0.90582 EPSS
Exploits: 10
seebug.org
added 2014/07/01 12:0 a.m. · 25 views

Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell

No description provided by source. Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Functio...

10 CVSS · 0.4 AI score · 0.10475 EPSS
Exploits: 7
seebug.org
added 2014/07/01 12:0 a.m. · 13 views

alt-n worldclient standard 2.1 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1462/info The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ it is possible for a remote user to retrieve and download any file of known...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m. · 35 views

openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

VLC was updated to version 2.1.3 bnc864422 : + Core : - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlcreaddir + Access : - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders : - Fix numerous issues M2TS,...

6.1 CVSS · 6.1 AI score · 0.00282 EPSS
Exploits: 1 · References: 5
Check Point Advisories
added 2014/04/16 12:0 a.m. · 1 view

Cisco IOS Server HTTP Interface Cross Site Scripting - Ver2 (CVE-2005-3921)

A cross-site scripting vulnerability has been reported in Cisco Ios. An attacker could exploit this vulnerability an HTTP interface to the contents of memory buffers. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

2.6 CVSS · 5.7 AI score · 0.01599 EPSS
Exploits: 1
Exploit DB
added 2014/03/26 12:0 a.m. · 35 views

Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell

Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...

10 CVSS · 6.5 AI score · 0.10475 EPSS
Exploits: 7
Packet Storm
added 2014/03/26 12:0 a.m. · 35 views

Allied Telesis AT-RG634A Unauthenticated Webshell

Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...

10 CVSS · 0.4 AI score · 0.10475 EPSS
Exploits: 7