
3632 matches found

OSV
added 2018/01/16 9:29 a.m. · 4 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6 CVSS · 9.1 AI score
Exploits 0 · References 3

Cvelist
added 2018/01/16 9:0 a.m. · 30 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.1 AI score · 0.04669 EPSS
Exploits 1 · References 3

Debian CVE
added 2018/01/16 9:0 a.m. · 26 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6 CVSS · 9.2 AI score · 0.04669 EPSS
Exploits 1

Positive Technologies
added 2018/01/16 12:0 a.m. · 4 views

PT-2018-17099 · Open On Chip Debugger +1 · Openocd +1

Name of the Vulnerable Software and Affected Versions: Open On-Chip Debugger OpenOCD version 0.10.0 Description: The issue allows remote attackers to conduct cross-protocol scripting attacks and execute arbitrary commands via a crafted web site, by not blocking attempts to use HTTP POST for sendi...

9.6 CVSS · 9.3 AI score · 0.04669 EPSS
Exploits 1 · References 19

NVD
added 2018/01/12 5:29 p.m. · 10 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

6.1 CVSS · 6.2 AI score · 0.02351 EPSS
Exploits 2 · References 4

Prion
added 2018/01/12 5:29 p.m. · 14 views

Cross site scripting

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

4.3 CVSS · 6.1 AI score · 0.02351 EPSS
Exploits 2 · References 4 · Affected Software 1

Cvelist
added 2018/01/12 5:0 p.m. · 15 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

6.2 AI score · 0.02351 EPSS
Exploits 2 · References 4

Prion
added 2018/01/08 5:29 a.m. · 12 views

Input validation

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

3.5 CVSS · 5.5 AI score · 0.0089 EPSS
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2018/01/08 5:0 a.m. · 18 views

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

5.5 AI score · 0.0089 EPSS
Exploits 2 · References 1

CVE
added 2018/01/08 5:0 a.m. · 63 views

CVE-2018-3815

CVE-2018-3815 concerns CommuniGate Pro (CGP) 6.2 where the XML Interface to Messaging, Scheduling, and Signaling (XIMSS) protocol lacks validation, enabling email spoofing. An authenticated attacker can send a message from any source address by issuing an HTTP POST to the /Session URI and interch...

5.7 CVSS · 5.4 AI score · 0.0089 EPSS
Exploits 2 · References 1 · Affected Software 1

OSV
added 2017/12/30 5:29 p.m. · 1 views

CVE-2017-14855

Red Lion HMI panels allow remote attackers to cause a denial of service software exception via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42...

8.6 CVSS · 5.9 AI score · 0.01379 EPSS
Exploits 1 · References 1

Cvelist
added 2017/12/30 5:0 p.m. · 18 views

CVE-2017-14855

Red Lion HMI panels allow remote attackers to cause a denial of service software exception via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42...

8.4 AI score · 0.01379 EPSS
Exploits 1 · References 1

NVD
added 2017/12/19 2:29 a.m. · 16 views

CVE-2017-15524

The Application Firewall Pack AFP, aka Web Application Firewall component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request...

9.1 CVSS · 9.2 AI score · 0.01223 EPSS
Exploits 3 · References 3

Prion
added 2017/12/19 2:29 a.m. · 15 views

Security feature bypass

The Application Firewall Pack AFP, aka Web Application Firewall component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request...

6.4 CVSS · 9.1 AI score · 0.01223 EPSS
Exploits 3 · References 3 · Affected Software 1

CVE
added 2017/12/18 5:0 p.m. · 53 views

CVE-2017-15524

The CVE-2017-15524 entry concerns Kemp Load Balancer’s Application Firewall Pack (AFP/WAF). A security feature bypass exists where HTTP POST data is not inspected, enabling bypass of the Web Application Firewall. Affected versions are Kemp AFP prior to 7.2.40.1; remediation is upgrading to 7.2.40...

9.1 CVSS · 9.1 AI score · 0.01223 EPSS
Exploits 3 · References 3 · Affected Software 1

Cvelist
added 2017/12/18 5:0 p.m. · 25 views

CVE-2017-15524

The Application Firewall Pack AFP, aka Web Application Firewall component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request...

9.3 AI score · 0.01223 EPSS
Exploits 3 · References 3

Packet Storm
added 2017/12/15 12:0 a.m. · 73 views

Kemp Load Balancer WAF 7.2.40 Bypass

ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack AFP - Web Application Firewall WAF does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack AFP Versions Affected: 7.1.30 Nov 2015 to 7.2.40 Oct 2017 // Older versions...

0.5 AI score · 0.01223 EPSS
Exploits 3

0day.today
added 2017/12/15 12:0 a.m. · 139 views

Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability

Exploit for hardware platform in category web applications 1. ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack AFP - Web Application Firewall WAF does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack AFP Versions...

6.4 CVSS · 9.1 AI score · 0.01223 EPSS
Exploits 3

Fedora
added 2017/12/10 5:11 a.m. · 39 views

[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8 CVSS · 0.11175 EPSS
Exploits 0

Fedora
added 2017/12/09 10:30 p.m. · 39 views

[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8 CVSS · 0.11175 EPSS
Exploits 0