Flexense HTTP Server 10.6.24 Buffer Overflow / Denial Of Service

Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Date: 2018-03-09 Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service...

Moderate: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

Flexense HTTP Server 10.6.24 - Buffer Overflow Exploit

Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the...

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Date: 2018-03-09 Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service...

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)

Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

Design/Logic Flaw

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

httpd bug fix update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

rebindMultiA - Tool To Perform a Multiple A Record Rebind Attack

rebindMultiA is a tool to perform a Multiple A Record rebind attack. rebindmultia.com is a domain that I've set up to assist with these attacks. It makes every IP its own authoritative nameserver for the domain IP.ns.rebindmultia.com. For example, 13.33.33.37.ns.rebindmultia.com's authoritative...

Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to information disclosure due to IBM GSKit which is used for SSL connections. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

Summary IBM HTTP Server shipped with IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

AlmaLinux 8 : curl (ALSA-2023:2963)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2963 advisory. - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver...

HTTP Fetch, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/http/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and s...

HTTP Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTP server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...