Avaya IP Office 11 - Password Disclosure

Exploit Title: Avaya IP Office 11 - Password Disclosure Exploit Author: hyp3rlinx Date: 2020-06-09 Vender Homepage: https://downloads.avaya.com Product Link: https://downloads.avaya.com/css/P8/documents/101067493 CVE: CVE-2020-7030 + Credits: John Page aka hyp3rlinx + Website:...

Avaya IP Office 11 Insecure Transit / Password Disclosure Vulnerability

Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

Atmosphere 1.x / 2.x Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Atmosphere 1 Vendor: Async-IO.org CSNC ID: CSNC-2018-023 Subject: Reflected Cross-Site Scripting XSS Risk: High Effect: Remotely exploitable Author: Lukasz D. [email protected] Date: 13.08.2018...

RichFaces: remote denial of service via memory exhaustion

It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service excessive memory...

RichFaces: remote denial of service via memory exhaustion

It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service excessive memory...

JBoss RichFaces 'PushHandlerFilter.java'远程拒绝服务漏洞

CVECAN ID: CVE-2014-0086 JBoss RichFaces是一个具有Ajax和JSF特性的Web框架。 RichFaces没有正确过滤某些请求，未经身份验证的远程攻击者通过发送大量的畸形请求到使用Atmosphere框架的RichFaces应用，利用此漏洞导致应用服务器拒绝服务（大量的内存消耗）。 0 JBoss Group RichFaces 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.jboss.org/...