ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability
A vulnerability in the GPRS Tunneling Protocol for Version 2 (GTPv2) of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause partial availability of the GTPv2 service. The vulnerability is due to lack of input validation of the incoming GTPv2 packet...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
Cisco TelePresence Integrator C Series Multiple Request Parameter Vulnerability
A vulnerability in Cisco TelePresence Integrator C Series could allow an unauthenticated, remote attacker to bypass authentication. The vulnerability is due to insufficient validation of user-supplied values. An attacker could exploit this vulnerability by sending multiple request parameters to a...
Cisco TelePresence MSE 8000 Series Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence MSE 8000 Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...
KLA10496 Denial of service vulnerability in Apache Xerces
An unspecified vulnerability was found in Apache Xerces-C. By exploiting this vulnerability, malicious users can cause denial of service. This vulnerability can be exploited remotely via specially designed XML data. Original advisories Apache bulletin Exploitation Public exploits exist for this...
Cisco Web Security Appliance HTTP Proxy Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an...
Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability
A vulnerability in the IP logging feature of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...
KLA10442 DoS vulnerability in QuickTime
An unknown vulnerability has been found in Apple QuickTime. The vulnerability can be exploited remotely via a specially designed mvhd atom. Original advisories Apple bulletin Related products Apple-QuickTime CVE list CVE-2014-4979 critical Solution Update to latest version Quicktime download Impacts D...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability
A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...
Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...
HP Unified Functional Testing ExGrid SaveXML Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Unified Functional Testing. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
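HP Unified Functional Testing Arbitrary Code Execution Vulnerability
BUGTRAQ ID: 66197 CVE(CAN) ID: CVE-2013-6210 HP Unified Functional Testing is an automated software testing solution. Versions of HP Unified Functional Testing prior to 12.0 contain a security vulnerability in their implementation that allows remote attackers to execute arbitrary code. 0 HP Unified Functional Testing 12.0 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...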
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04122007 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04122007 Version: 2 HPSBMU02967 rev...
HP Unified Functional Testing < 12.0 Remote Code Execution (HPSBMU02967)
The remote Windows host has a version of HP Unified Functional Testing prior to 12.0. It is, therefore, affected by an unspecified remote code execution vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid73094; scriptversion"1.5"; scriptcvsdate"Date:...
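HP Unified Functional Testing Remote Code Execution Vulnerability
Bugtraq ID: 66197 CVE ID: CVE-2013-6210 HP Unified Functional Testing is an advanced modern application testing solution from HP. HP Unified Functional Testing contains an unspecified security vulnerability that allows remote attackers to exploit it to execute arbitrary code. 0 HP Unified Functional Testing HP Unified Functional Testing 12.0 has fixed this vulnerability; users are advised to download the update:...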
CVE-2013-6210
Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932...
CVE-2013-6210
HP Unified Functional Testing (UFT) versions prior to 12.0 are affected by a remote code execution vulnerability (CVE-2013-6210). The root cause is a flaw in the ExGrid SaveXML path that relies on the Exontrol.Grid ActiveX control, where cell contents are not validated before being written to a f...