Fixed in Apache Tomcat 8.5.15
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Fixed in Apache Tomcat 9.0.0.M21
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
WordPress: plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled
Background A Cross-Site Tracing (XST) attack involves the use of Cross-Site Scripting (XSS) and the TRACE HTTP method. According to RFC 2616, "TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information." XST coul...
IBM WebSphere Application Server 7.0.0.x < 7.0.0.35 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0.0.x < 8.0.0.10 Multiple Vulnerabilities
Apache Struts Jakarta Multipart Parser OGNL Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...
Complain Management System SQL Injection
Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...
Complain Management System - SQL injection Vulnerability
Exploit for php platform in category web applications Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi email protected Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download...
OpenExpert 0.5.17 SQL Injection
Title : Openexpert 0.5.17 - Sql Injection Author: Nassim Asrir Author Company: Henceforth Tested on: Winxp sp3 - win7 Vendor: https://sourceforge.net/projects/law-expert/ Download Software: https://sourceforge.net/projects/law-expert/files/ About The Product : OpenExpert. Dual use Web based and...
Rumble Mail Server 0.51.3135 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit title: Rumble Mail Server v/0.51.3135 = Stored Cross Site Scripting Download Software: https://sourceforge.net/projects/rumble/?source=directory Author: Nassim Asrir Author Company: Henceforth Contact: email protected Tested On:...
PortSwigger Web Security: HTTP OPTION Method is Enabled on portswigger.net
An enabled OPTIONS method on the web server allows unauthorized blind submission of privileged GET requests...
CVE-2016-6026
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST...
Raptor Web Application Firewall
Raptor Web Application Firewall is a simple web application firewall written in C following the KISS principle. It polls with the select() function, which is less efficient than epoll or BSD's kqueue but is portable. The core of its match engine uses a DFA to detect XSS, SQLi and path...
Cisco Web Security Appliance devices security mechanism bypass vulnerability
Cisco Web Security Appliance devices are a set of web security appliances from the American company Cisco. The appliance provides SaaS-based access control, real-time web reporting and tracking, and development of security policies. A security mechanism bypass vulnerability exists in the Cis...
Design/Logic Flaw
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848...
Cisco Web Security Appliance Security Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the...
CakePHP 3.2.0 CSRF Bypass
CakePHP document.forms0.submit - Solution: No official solution is curr...