2512 matches found
The vulnerability of the Apache HTTP Server web server allows attackers to send hidden http requests.
The vulnerability of the chunked transfer coding mechanism in the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely, due to incorrect processing of input values by the...
EasyCTF Unauthorized Access Vulnerability
EasyCTF is a CGI program for scoring CTFs. EasyCTF fails to properly verify session IDs, allowing remote attackers to gain unauthorized access via special HTTP requests...
The vulnerability of Cisco ACS’s microprogramming software allows a remote attacker to execute arbitrary code.
The vulnerability of the ACS View interface allows a remote authenticated user with administrator privileges to execute arbitrary SQL commands using specially crafted HTTPS requests...
USN-2474-1 curl vulnerability
Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests...
Remote Denial of Service Vulnerability in Multiple IBM Products
IBM Sterling B2B Integration supports an automated, cloud-based approach to transforming business documents into any data format or protocol required and exchanging them with trading partners. A remote denial of service vulnerability exists in multiple IBM products, allowing remote attackers to...
Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability
A vulnerability in Cisco Enterprise Content Delivery System ECDS could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...
PT-2014-3496 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Recommendations: For versions prior to 5.3, update to version 5....
squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid...
PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility...
zeroo http server 1.5 - Directory Traversal vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to...
SurfControl SuperScout WebFilter for windows 2000 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter...
Seanox DevWex Windows Binary 1.2002.520 File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/4978/info The Seanox DevWex Windows binary version is prone to an issue which may cause arbitrary web-readable files to be disclosed to remote attackers. This problem occurs because DevWex does not sufficiently filter '.....
CVE-2014-0780
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests...
Directory traversal
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests...
CVE-2014-0780
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Recent assessments: Assessed Attacker Value: 0 Assessed...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score,...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update
An update for Red Hat JBoss Enterprise Application Platform 6.2.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which...
PT-2013-5598 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.x through 8.25.43 Cisco Adaptive Security Appliance ASA Software versions 8.3.x through 8.32.38 Cisco Adaptive Security Appliance ASA Software versions 8.4.x through 8.45.6 Cisco...
Upgrade Attack
Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...
activemq: Unauthenticated access to web console
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests...