CVE-2020-2216

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...

CVE-2020-2216

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...

Default credentials

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...

EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2020-1749)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java S...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1692)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1692)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handli...

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of...

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

Mereo 1.9.4 Denial Of Service Exploit

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 , Windows Vista...

RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This...

Mereo 1.9.4 Denial Of Service

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Date: 06-2020 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 ,...

SUSE-SU-2020:1685-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: java-180-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 bsc1172277,bsc1169511,bsc1160968 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754:...

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...

SUSE-SU-2020:14398-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

EulerOS 2.0 SP2 : python (EulerOS-SA-2020-1646)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2020-1650)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes...

Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud

Summary There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. There is a privilege escalation vulnerability in WebSphere Application Server. The...