Amazon Linux AMI : wget (ALAS-2017-916)

Heap-based buffer overflow in HTTP protocol handling A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary...

Debian: Security Advisory (DSA-4008-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability(CVE-2016-2377)

DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out of bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering t...

Tiny HTTPd 0.1.0 - Directory Traversal Vulnerability

Exploit for linux platform in category remote exploits ====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Ti...

WordPress Responsive Image Gallery 1.1.8 SQL Injection Vulnerability

WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. ============================================= - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2017-14125 ===========================================...

HTTP Protocol Detected on Industrial Network

Binary data 700177.prm...

Design/Logic Flaw

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...

CVE-2017-6784

The CVE-2017-6784 issue affects Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability arises in the web interface where sensitive data can be exposed in HTTP responses due to Cisco WebEx Meetings not adequately protecting data when replying to web requests. An unauthentic...

Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...

Theo CMS 2.0 SQL Injection

============================================= MGC ALERT 2017-004 - Original release date: July 11, 2017 - Last revised: August 12, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...

Oracle Linux 7 : curl (ELSA-2017-2016)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2016 advisory. 7.29.0-42 - fix use of uninitialized variable detected by Covscan 7.29.0-41 - make FTPS work with --proxytunnel 1420327 7.29.0-40 - make FTPS work with...

CVE-2017-10224

Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications subcomponent: Inventory and Count Cycle. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

Amazon Linux AMI : httpd24 (ALAS-2017-863)

apfindtoken buffer overread : A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. CVE-2017-7668 Apache HTTP Request Parsing Whitespace Defects : It was discovered...

USN-3373-1: Apache HTTP Server vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...

DEBIAN-CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

radiolid.ru XSS vulnerability

Vulnerable URL: http://www.radiolid.ru/catalog/17/search.php?lookingfor= Details: Description| Value ---|--- Patched:| Yes, at 27.11.2017 Latest check for patch:| 27.11.2017 16:42 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1016180 VIP website status:| No...

Dasan Networks GPON ONT Devices Detection

Detection of Dasan Networks GPON ONT devices. The script sends a connection request to the server and attempts to detect Dasan Networks GPON ONT devices. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CentOS Update for httpd CESA-2017:1721 centos6

Check the version of httpd SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882751";...

Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711)

Security Fixes : - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters...