openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read...
SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass
This module allows you to delegate user authentication to the web server. The module can be configured to automatically create users that have been authenticated by the web server. There was an issue where a configuration variable did not have consistent default values in the code meaning that in...
Kolibri WebServer HTTP Request Buffer Overflow Vulnerability
Kolibri WebServer is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CSRF and Remote Code Execution in EGroupware
High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by a remote attacker to gain full control over the application and compromise the vulnerable system. 1) Cross-Site Request Forgery (CSRF) in EGroupware: CVE-2014-2987 The...
CVE-2014-2452
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin...
CVE-2014-2452
Technical details about CVE-2014-2452 are not publicly provided in the connected documents. No explicit affected version, root cause, impact, or remediation is described here. Monitor for updates.
C2FO: The server supports only older protocols for HTTPS connections
The webserver at c2fo.com, 198.58.120.159, only supports SSL 3.0 and TLS 1.0 for secure HTTP connections (see: test-results.png). While TLS 1.0 is more secure than SSL 3.0, subsequent versions of TLS, TLS 1.1 and TLS 1.2, are significantly more secure and fix many vulnerabilities present in SSL 3.0...
ELMAH (Error Logging Modules and Handlers) Remotely Accessible
The remote web server hosts ELMAH, an error logging application used with ASP.NET web applications. The elmah.axd script was accessed remotely without authentication, which could provide detailed information that could provide a remote, unauthenticated attacker with sensitive data that could be...
Mediawiki 1.18.0 Information Disclosure
CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0 When a user creates a new file (e.g. an image) with a name containing , it leads to webserver file path disclosure, after having uploaded the file, when thumbnail creation occurs. I did not succeed in obtaining a remote shell...
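Multiple Denial-of-Service Vulnerabilities in Embedthis Goahead Webserver
BUGTRAQ ID:65747 Embedthis Goahead Webserver is an embedded web server program used in many devices. Embedthis Goahead Webserver fails to correctly handle user-submitted requests, allowing a remote attacker to exploit the vulnerability by submitting malicious requests that crash the service, resulting in a denial of service. 0 Embedthis Software Goahead Webserver 3.1.3-0 Vendor patch: Goahead ----- Embedthis Goahead Webserver version 3.3.0 fixes this vulnerability; users are advised to download and use it: http://embedthis.com/products/goahea...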
Embedthis Goahead 3.1.3-0 Denial Of Service
Title: Embedthis Goahead Webserver multiple DoS vulnerabilities. Author: 0in Maksymilian Motyl Date: 18.02.2014 Version: 3.1.3-0 Software Link: http://embedthis.com/products/goahead/ Download: https://github.com/embedthis/goahead Tested on: Linux x32 Description: "GoAhead is embedded in hundreds ...
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities
Title: Embedthis Goahead Webserver multiple DoS vulnerabilities. Author: 0in Maksymilian Motyl Date: 18.02.2014 Version: 3.1.3-0 Software Link: http://embedthis.com/products/goahead/ Download: https://github.com/embedthis/goahead Tested on: Linux x32 Description: "GoAhead is embedded in hundreds ...
Trendchip HG520 ADSL2+ Wireless Modem - Cross-Site Request Forgery
Exploit Title: Trendchip HG520 ADSL2+ Wireless Modem CSRF Vulnerability Google Dork: N/A Date: 15/02/2014 Exploit Author: Dhruv Shah Vendor Homepage: N/A Software Link : N/A Version: Firmware Version:2.11.38.0RE0.C2B3.9.9.5 Tested on: Embedded Allegro RomPager webserver 4.07 UPnP/1.0 ZyXEL ZyWALL...
List of 8,000 FTP Credentials for Sale in Underground Forums
Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates. Hold Security reported yesterday it had secured a list of credentials for close to 7,800 FTP sites being circulated in cybercrime forums. Th...
Osclass - Multiple Input Validation Vulnerabilities
Osclass - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/64386/info Osclass is prone to the following input-validation vulnerabilities: 1. A cross-site request-forgery vulnerability 2. Multiple directory-traversal vulnerabilities 3. An SQL-injection...
Osclass - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/64386/info Osclass is prone to the following input-validation vulnerabilities: 1. A cross-site request-forgery vulnerability 2. Multiple directory-traversal vulnerabilities 3. An SQL-injection vulnerability Exploiting these issues may allow a remote...