52 matches found
CVE-2016-2346
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...
Fiyo CMS 2.0_1.9.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Fiyo CMS multiple SQL vulnerability Date: 2015-06-28 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.fiyo.org/ Software Link: http://tcpdiag.dl.sourceforge.net/project/fiyo-cms/Fiyo%202.0/fiyocms2.0.2.zip Version:...
Fiyo CMS 2.0_1.9.1 SQL Injection
Exploit Title: Fiyo CMS multiple SQL vulnerability Date: 2015-06-28 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.fiyo.org/ Software Link: http://tcpdiag.dl.sourceforge.net/project/fiyo-cms/Fiyo%202.0/fiyocms2.0.2.zip Version: 2.01.9.1 Tested on: Apache/2.4.7 Win32 CVE : CVE-2015-393...
GeniXCMS 0.0.3 SQL Injection
Exploit Title: Genixcms register.php multiple SQL vuln Date: 2015-06-23 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.genixcms.org Software Link: https://codeload.github.com/semplon/GeniXCMS/zip/master/GeniXCMS-master.zip Version: 0.0.3 Tested on: Apache/2.4.7 Win32 CVE : CVE-2015-39...
CVE-2013-0532
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP...
RSA Authentication Agent for Web Buffer Overflow (CVE-2005-1471)
The RSA Authentication Agent for Web for Internet Information Services (IIS) provides protection for selected web pages by securing them with the RSA SecurID authentication mechanism. When a user attempts to access a resource that is secured with the RSA SecurID, the RSA Agent authenticates the use...
elinks information leak
POST form data is sent over HTTP instead of HTTPS...
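Mod_Security ASCIIZ Byte Security Restriction Bypass Vulnerability
modsecurity is a web application firewall that is often used together with PHP. modsecurity has a vulnerability in the way it handles certain HTTP data, which remote attackers may be able to exploit to bypass some security restrictions. After receiving a request, modsecurity parses it into web application parameters. Because its parsing of inbound data follows the rules defined in the RFC, which is not necessarily compatible with the HTTP request parsers in Perl, Python, Java or PHP, restriction bypass vulnerabilities may exist where the RFC and the actual implementation do not match...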
3Com SuperStack 3 Firewall - Content Filter Bypassing
3Com SuperStack 3 Firewall - Content Filter Bypassing source: https://www.securityfocus.com/bid/7021/info A vulnerability has been reported in the 3Com Superstack 3 Firewall. HTTP content filters put in place by the device fail to assemble fragmented data, potentially allowing an attacker to acce...
DoS against Lotus Domino
Denial of service on malformed HTTP data over SSL TCP/443...