110 matches found
CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service null pointer exception and icman outage via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
Null pointer dereference
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service null pointer exception and icman outage via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
Trend Micro Control Manager task_controller Information Disclosure
An information disclosure vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of the 'url' parameter in the request for taskcontrol.php. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HT...
CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the 1 URL Filtering or 2 Identity Awareness blade is used, allows remote attackers to cause a denial of service crash via vectors involving an HTTPS request...
Cross site request forgery (csrf)
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the 1 URL Filtering or 2 Identity Awareness blade is used, allows remote attackers to cause a denial of service crash via vectors involving an HTTPS request...
CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the 1 URL Filtering or 2 Identity Awareness blade is used, allows remote attackers to cause a denial of service crash via vectors involving an HTTPS request...
CVE-2014-8950
The CVE-2014-8950 entry concerns Check Point Security Gateway versions R77 and R77.10. The vulnerability affects the URL Filtering and Identity Awareness blades, where an HTTPS request can trigger a denial-of-service (crash). The available documents confirm the affected product and blades, and th...
Cross site request forgery (csrf)
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request...
CVE-2014-2356 Innominate mGuard Exposure of Sensitive Information to an Unauthorized Actor
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request...
McAfee ePolicy Orchestrator Remote Code Execution (CVE-2013-0140; CVE-2013-0141)
A remote code execution vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to an error in the ePO server that fails to properly sanitize user supplied data. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted http...
PineApp MailSecure Command Execution
Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...
Cross site request forgery (csrf)
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted 1 HTTP or 2 HTTPS request, aka Bug ID CSCub38379...
Symantec Endpoint Protection code execution
Multiple security vulnerabilities on TCP/8433 https request parsing...
CVE-2012-0147
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...
CVE-2010-0596
Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain...
Authentication flaw
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a 1 http or ...
Design/Logic Flaw
Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...
CVE-2009-1166
The administrative web interface on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services...
CVE-2009-1167
Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...
Cross site request forgery (csrf)
The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a 1 http or 2 https request, related to the a SD Camera Web Server and the b Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr9649...