Lucene search
5294 matches found

OSV
added 2016/03/02 11:59 a.m. | 1 views

CVE-2016-2279

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3

CNVD
added 2016/02/24 12:0 a.m. | 4 views

Xymon Command Injection Vulnerability

Xymon is an open source, cross-platform network monitoring application. The operational status of each server can be viewed through a web page, and email and SMS notifications are supported. Xymon's useradm and chpasswd web applications in the command injection...

CVSS 8.8 | AI score 8.1 | EPSS 0.54507
Exploits: 5 | References: 1

Kitploit
added 2016/02/16 10:11 p.m. | 32 views

Venom - Metasploit Shellcode Generator / Compiler / Listenner

The script uses msfvenom (Metasploit) to generate shellcode in different formats (c | python | ruby | dll | msi | hta-psh), injects the generated shellcode into one function (example: python, "the python function will execute the shellcode in RAM") and uses compilers like gcc (GNU cross compiler) or...

AI score 7.6
Exploits: 0

Hacker One
added 2016/02/07 7:49 p.m. | 18 views

Paragon Initiative Enterprises: DNSsec not configured

Description: I found out that there is no DNSSEC configured on your webserver to prevent DNS related attacks. This is an issue that would allow attackers to target your DNS directly. The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications...

AI score 1
Exploits: 0

seebug.org
added 2015/11/26 12:0 a.m. | 20 views

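Huawei VP9660 Information Disclosure Vulnerability

VP9660 is the multipoint control unit of Huawei's video conferencing system. The Huawei VP9660 has a security vulnerability in which the server does not fully validate input. When the built-in WebServer is used, an attacker who has logged in to the device as a service administrator can construct and modify specific message data sent to the server to inject malicious commands, leading to information disclosure and device unavailability. Preconditions: 1. The attacker can successfully log in to the VP9660 as a service administrator; 2. The vulnerability exists on the VP9660 when the built-in WebServer is used; Attack steps:...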

AI score 7.1
Exploits: 0

Huawei
added 2015/11/11 12:0 a.m. | 24 views

Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of the Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using the built-in WebServer. In such a case, an attacker could log in to the device as a business administrator, craft a message to change the specific informatio...

CVSS 8.5 | AI score 6.2 | EPSS 0.00717
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2015/10/30 10:25 a.m. | 24 views

CVE-2004-1063

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was...

CVSS 10 | AI score 7 | EPSS 0.04181
Exploits: 0 | References: 2

OSV
added 2015/10/22 9:19 a.m. | 8 views

SUSE-SU-2015:1851-1 Security update for apache2

The Apache2 webserver was updated to fix several issues: Security issues fixed: - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...

CVSS 5 | AI score 6.5 | EPSS 0.9986
Exploits: 0 | References: 18

0day.today
added 2015/10/01 12:0 a.m. | 58 views

Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...

EPSS 0.05347
Exploits: 5

Hacker One
added 2015/08/21 2:58 a.m. | 22 views

ownCloud: apps.owncloud.com: Path Disclosure

Threat: A potentially sensitive file, directory, or directory listing was discovered on the Web server. Impact: The contents of this file or directory may disclose sensitive information. Solution: Verify that access to this file or directory is permitted. If necessary, remove it or apply access...

AI score 0.4
Exploits: 0

Exploit DB
added 2015/08/19 12:0 a.m. | 20 views

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect

Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192, which the fix did not address. If XMLSocket connect is called on an object that already has a destroy...

AI score 7
Exploits: 0

Check Point Advisories
added 2015/08/12 12:0 a.m. | 3 views

PhpGedView File Inclusion and PHP Code Injection Vulnerabilities (CVE-2011-0405)

PhpGedView is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process...

CVSS 6.8 | AI score 3.2 | EPSS 0.06055
Exploits: 2

OpenVAS
added 2015/07/30 12:0 a.m. | 12 views

Debian: Security Advisory (DSA-3322-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.5 | EPSS 0.07778
Exploits: 0 | References: 3

OpenVAS
added 2015/07/27 12:0 a.m. | 11 views

APC / APCu INFO Page Accessible (HTTP)

HTTP based detection of an exposed APC / APCu INFO page. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

AI score 7.3
Exploits: 0

exploitpack
added 2015/07/02 12:0 a.m. | 60 views

PHPXMLRPC 1.1 - Remote Code Execution

PHPXMLRPC 1.1 - Remote Code Execution PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PH...

CVSS 7.5 | AI score 7.1 | EPSS 0.79071
Exploits: 5

Debian
added 2015/06/26 7:36 a.m. | 20 views

[SECURITY] [DLA 254-1] librack-ruby security update

Package : librack-ruby Version : 1.1.0-4+squeeze3 CVE ID : CVE-2015-3225 There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface. Carefully crafted requests can cause a SystemStackError and cause a denial of service attack by exploiting the lack of a...

CVSS 5 | AI score 6.7 | EPSS 0.07778
Exploits: 0

OSV
added 2015/06/26 12:0 a.m. | 31 views

DLA-254-1 librack-ruby - security update

Bulletin has no description...

CVSS 5 | AI score 7.7 | EPSS 0.07778
Exploits: 0

securityvulns
added 2015/06/01 12:0 a.m. | 30 views

Command injection vulnerability in Synology Photo Station

Command injection vulnerability in Synology Photo Station. Han Sahin, May 2015...

AI score 2.1
Exploits: 0

Packet Storm
added 2015/05/26 12:0 a.m. | 25 views

Synology Photo Station 6.2-2858 Command Injection

Command injection vulnerability in Synology Photo Station. Han Sahin, May 2015...

AI score 7.4
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m. | 425 views

CSRF/XSS In Manage Engine Asset Explorer

CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer. Table Of Content. Overview. Title: CSRF/Stored XSS...

Exploits: 0