1620 matches found
Apache Struts 2 REST Plugin XStream Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 REST Plugin XStream RCE', 'Description' = %q Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a...
Vulnerability in Async Http Client
Async Http Client aka AHC or async-http-client is a client library that allows a Java application to perform an HTTP request and process that HTTP response asynchronously. A security vulnerability exists in Async Http Client versions prior to 2.0.35. An attacker could exploit the vulnerability to...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
Design/Logic Flaw
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
CVE-2017-14063 affects Async Http Client (async-http-client) prior to 2.0.35. The underlying issue allows an attacker to cause the client to connect to a host different from the one parsed from java.net.URI when a ? appears in a fragment. This vulnerability is corroborated by CNVD-2017-31118, whi...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
Malicious Host Redirect
async-http-client is vulnerable to malicious host redirects. The library interprets the ? character in a URL as the beginning of a query or an ending of a path, allowing a malicious user to cause the application to connect to a malicious host...
CentOS 7 : libsoup (CESA-2017:2459)
An update for libsoup is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CentOS 7 : python (CESA-2017:1868)
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
HTTP Client Detected on Industrial Network
Binary data 700176.prm...
RedHat Update for libsoup RHSA-2017:2459-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-2885
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by...
RedHat Update for python RHSA-2017:1868-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : python (RHSA-2017:1868)
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: python security and bug fix update
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Easy Chat Server User Registeration Buffer Overflow (SEH)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Easy Chat Server User Registeration Buffer Overflow SEH', 'Description' = %q This module exploits a buffer overflow during user registration in Ea...