238 matches found
Input validation
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper...
Session fixation
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217...
CVE-2015-0712
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217...
CVE-2015-0712
Cisco StarOS for ASR 5000 Series (12.0, 12.2(300), 14.0, 14.0(600)) uses a vulnerable session-manager service that can be remotely triggered to reload, causing DoS via malformed HTTP packets (Bug CSCud14217). Affected devices process HTTP at the session-manager, and the issue’s exploitation leads...
Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability
A vulnerability in the SSL VPN feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory, which could lead to system instability and availability issues on the SSL VPN services. The vulnerability is due to improper implementation of...
CVE-2014-2590
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets...
Code injection
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets...
CmsEasy injection vulnerability analysis - vulnerability warning - the black bar safety net
CmsEasy is a web content management system based on a PHP+MySQL architecture, and also a PHP development platform. It uses a modular approach to development, is functional and easy to use, and is easy to extend; for medium to large sites it provides heavyweight site construction...
Web application security vulnerability analysis and prevention (PHP article) - vulnerability warning - the black bar safety net
PHP is the most mainstream scripting language for dynamic website development in the current Internet environment, and the security of Web applications developed in PHP is also a focus of hackers' attention. This article will by source code analysis a way to use PHP to write Web application securi...
CVE-2012-3017
Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets...
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities. Advisory ID: cisco-sa-20110928-zbfw. Revision 1.0. For Public Release 2011 September 28 1600 UTC (GMT)...
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for...
[DCA-2011-0007] Air Contacts Lite (iPhone / iPod App Denial Of Service)
Discussion - DcLabs Security Research Group advises about the following vulnerability(ies): Software - Air Contacts Lite By i-NOVATiON GmbH Vendor Product Description - Sharing contacts can't be easier. Wireless access to your iPhone contacts from your Mac or PC. This is the Lite Version of Air...
CVE-2010-2841
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger...
Design/Logic Flaw
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger...
CVE-2010-2823
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A32.6 allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID...
Design/Logic Flaw
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A32.6 allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID...
CVE-2007-0459
packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets...