609 matches found
CVE-2015-3269
CVE-2015-3269 is an XXE vulnerability in Apache Flex BlazeDS (used by flex-messaging-core.jar in LCDS) that allows a remote attacker to read arbitrary files via an AMF message containing an XML external entity declaration with an entity reference. Affected products include BlazeDS components in A...
HP Release Control - (Authenticated) XML External Entity (Metasploit)
HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...
HP Release Control - (Authenticated) XML External Entity (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This module take advantage of three separate vulnerabilities in order to re...
[Charles] Web Debugging Proxy Application
Charles is a web proxy HTTP Proxy / HTTP Monitor that runs on your own computer. Your web browser or any other Internet application is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received. In Web a...
CVE-2013-0452
Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...
CVE-2013-0452
Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...
Verax NMS Password Replay Attack (CVE-2013-1351)
Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...
Verax NMS - Multiple Method Authentication Bypass
source: https://www.securityfocus.com/bid/58334/info Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid ...
Sql injection
Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2012-5932
Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
[CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability
Title: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability Description: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does not...
Ezhometech EzServer memory corruption
Memory corruption on RTMP AMF request parsing...
EZHomeTech EzServer 7.0 - Remote Heap Corruption
Title: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability Description: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does not...
Nullsoft Winamp Advanced Module Format File Buffer Overflow
A remote code execution vulnerability has been reported in Nullsoft Winamp. The vulnerability is caused due to a heap buffer overflow while handling specially crafted Advanced Module Format .amf files. A remote attacker may trigger this vulnerability by enticing a user to open a specially crafted...
Winamp 5.622多个远程安全漏洞
BUGTRAQ ID: 50387 Winamp是流行的通用音乐播放器。 Winamp 5.622在实现上存在多个远程漏洞,远程攻击者可利用这些漏洞执行任意代码或造成拒绝服务。 1在处理Creative Music Format CMF标头中的"iOffsetMusic"值时,inmidi.dll插件中存在错误,可被利用通过特制的MIDI文件造成堆缓冲区溢出。 2)在处理Advanced Module Format AMF标头中的"channels"值时,inmod.dl插件中存在错误,可被利用通过特制的".amf"文件造成堆缓冲区溢出。 3)在处理Nullsoft Streaming...
Authentication flaw
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
CVE-2011-2762
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
LifeSize Room - Command Injection (Metasploit)
LifeSize Room - Command Injection Metasploit require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the...
CVE-2011-2092
CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...