5286 matches found
IT-Grundschutz M4.094: Protection of Web Server Files
IT-Grundschutz M4.094: Protection of web server files. WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now continuously adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94210 Status: 13th supplementary delivery (13. EL). Copyright (C) 2013...
JBoss AS Attacks Up Since Exploit Code Disclosed
Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...
JunOS 11.4 Cross Site Scripting
Vulnerability Type: XSS Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 CVSSv2 Base Scored Products and affected versions: JUNOS up to 11.4 probably 12.1 and 12.3 vulnerable...
Debian DSA-2783-1 : librack-ruby - several vulnerabilities
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
DSA-2783-1 librack-ruby - several
Bulletin has no description...
Fedora 20 : roundcubemail-0.9.4-1.fc20 (2013-16162)
0.9.4, latest upstream. Require webserver rather than httpd. Two XSS flaws were fixed in roundcube 0.9.3 [1]: - Fix XSS vulnerability when saving HTML signatures [2,3] - Fix XSS vulnerability when editing a message 'as new' or draft [2,4] [1] http://trac.roundcube.net/wiki/ChangelogRELEASE0.9.3 [2]...
Fedora 18 : roundcubemail-0.9.4-1.fc18 (2013-16192)
0.9.4, latest upstream. Require webserver rather than httpd. Two XSS flaws were fixed in roundcube 0.9.3 [1]: - Fix XSS vulnerability when saving HTML signatures [2,3] - Fix XSS vulnerability when editing a message 'as new' or draft [2,4] [1] http://trac.roundcube.net/wiki/ChangelogRELEASE0.9.3 [2]...
WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Debian: Security Advisory (DSA-2532-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 2532-1 (libapache2-mod-rpaf - denial of service)
Sebastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers. OpenVAS Vulnerability Test $Id: deb25321.nasl 14276 2019-03-18 14:43:56Z cfischer $ Auto-generated from...
$_GET not cleaned when parsed from REQUEST_URI
When none of the default methods of determining the request URI have succeeded, the framework will fall back to parsing the raw request URI as passed by the webserver. If this URI has a query string, it will be parsed and $_GET will be updated. In this process, the $_GET variables are not cleaned,...
PWStore 2010.8.30.0 Cross Site Scripting / Denial Of Service
PWStore version 2010.8.30.0 suffers from cross site scripting and denial of service vulnerabilities. - RealPentesting Advisory - Title: MULTIPLE VULNERABILITIES IN PWSTORE 2010.8.30.0 Severity: Medium History: 16.Apr.2013 Vulnerability reported Authors: Josep Pi Rodriguez, Pedro Guillen Nuñez,...
AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage CWE-200. Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...
Samsung DVR Firmware 1.10 - Authentication Bypass
Samsung DVR Firmware 1.10 - Authentication Bypass Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status...
MinaliC Webserver 2.0.0 Buffer Overflow
#!/usr/bin/env python Exploit Title: MinaliC...
MinaliC Webserver 2.0.0 - Buffer Overflow (Egghunter)
Exploit for Windows platform in category remote exploits #!/usr/bin/env python Exploit Title: MinaliC Webserver buffer overflow egghunter Date: August 13 2013 Exploit Author: PuN1sh3r Email: email protected Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 Tested on...
MinaliC WebServer 2.0.0 - Remote Buffer Overflow (Egghunter)
MinaliC WebServer 2.0.0 - Remote Buffer Overflow Egghunter #!/usr/bin/env python Exploit Title: MinaliC Webserver buffer overflow egghunter Date: August 13 2013 Exploit Author: PuN1sh3r Email: [email protected] Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0...
MinaliC WebServer 2.0.0 - Remote Buffer Overflow (Egghunter)
#!/usr/bin/env python Exploit Title: MinaliC Webserver buffer overflow egghunter Date: August 13 2013 Exploit Author: PuN1sh3r Email: [email protected] Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 Tested on: Windows XP Pro SP3, English Description: Remote...
Seowonintech Routers <= 2.3.9 LFI Vulnerability - Active Check
The remote Seowonintech Router is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input.