114 matches found
CVE-2018-18960
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack...
Design/Logic Flaw
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
Memcached - memcrashed Denial of Service Exploit
Exploit for linux platform in category dos / poc Written by Alex Conrey Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44254.zip This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public...
Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website
On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service DDoS attack that peaked at record 1.35 Tbps. Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attac...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2017:1473-1)
This update for strongswan fixes the following issues : - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515 - IKEv1 protocol is vulnerable to DoS...
[ASA-201705-19] fop: xml external entity injection
Arch Linux Security Advisory ASA-201705-19 ========================================== Severity: Medium Date : 2017-05-21 CVE-ID : CVE-2017-5661 Package : fop Type : xml external entity injection Remote : Yes Link : https://security.archlinux.org/AVG-254 Summary ======= The package fop before...
Apache XML Graphics FOP 2.1 Information Disclosure Vulnerability
Exploit for multiple platform in category remote exploits CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: FOP 1.0 - 2.1 Description: Files lying on the filesystem of the server which uses batik...
CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...
DEBIAN-CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...
CVE-2017-5662
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...
CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...
Ubiquiti Inc.: UBNT Amplification DDOS Attack
Denial of Service attack in airMAX prior to 8.3.2 , airMAX prior to 6.0.7 and EdgeMAX prior to 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks...
Drupal Core Violence Amplification Attack Vulnerability
Drupal is a free and open source content management system developed in PHP. A brute force amplification attack vulnerability exists in Drupal Core.The XML-RPC system allows a large number of calls to the same method to be done once, which can be used as a factor in favor in a brute force attack...
Brute force amplification attacks via XML-RPC
More info at https://www.drupal.org/SA-CORE-2016-001...
CG-WLNCM4G may behave as an open resolver
Overview CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#51250073: CG-WLNCM4G may behave as an open resolver
CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. Impact The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Solution Do not use CG-WLNCM4G As of December 25,...
Novel NTP Attacks Roll Back Time
Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure RPKI—and kept hitting a dead end because of a cache-flushing issue. The resourceful Malhot...
NetBIOS NBSTAT Name Query Reflection Denial Of Service
!/usr/bin/perl NetBios NBSTAT name query reflection dos Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous program is for Educational purpose ONLY. Do not use it without permission. The usual...
NTPD MON_GETLIST Query Amplification Denial of Service Exploit
Exploit for multiple platform in category dos / poc !/usr/bin/perl ntp MONGETLIST query amplification ddos Copyright 2015 c Todor Donev email protected http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol NTP Amplification attack is an emerging form of...
NTPD - MON_GETLIST Query Amplification Denial of Service
NTPD - MONGETLIST Query Amplification Denial of Service !/usr/bin/perl ntp MONGETLIST query amplification ddos Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol NTP Amplification attack is an emergin...