
1072 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

CuteNews <= 1.4.0 (shell inject) Remote Command Execution Exploit

No description provided by source. ?php cutenxpl.php CuteNews 1.4.0 possibly prior versions remote code execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script:...

AI score: 7.1
Exploits: 0
Hacker One
added 2014/06/03 9:24 a.m. | 15 views

Automattic: Serving Transitions From: HTTP Protocol (not secure)

Dear Sir, I've Noticed from your SourceCode that you are using HTTP Protocol, and that will makes Insecure served for data transition. we will give the attacker a chance for "MIMT" man in the middle attack as you know that the name of the attack itself explain the steps. -check the source code of...

AI score: 0.2
Exploits: 0
0day.today
added 2014/06/03 12:0 a.m. | 29 views

PHPBTTracker+ 2.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PHPBTTracker+ 2.2 SQL Injection Date: May 13th, 2014 Exploit Author: BackBox Team Vendor Homepage: http://phpbttrkplus.sourceforge.net/ Software Link: http://sourceforge.net/projects/phpbttrkplus/files/ Version: PHPBTTracker+ 2....

AI score: 7.1
Exploits: 0
FreeBSD
added 2014/05/22 12:0 a.m. | 38 views

elasticsearch and logstash -- remote OS command execution via dynamic scripting

Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.85275
Exploits: 17 | References: 7
Tenable Nessus
added 2014/02/24 12:0 a.m. | 26 views

Fedora 19 : libgadu-1.12.0-0.3.rc2.fc19 (2014-2341)

Security vulnerability fix in HTTP protocol handling. A specially crafted server reply may cause memory overwrite and arbitrary code execution. CVE-2013-6487. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.03908
Exploits: 0 | References: 3
Tenable Nessus
added 2014/02/17 12:0 a.m. | 29 views

Fedora 20 : libgadu-1.12.0-0.3.rc2.fc20 (2014-2391)

Security vulnerability fix in HTTP protocol handling. A specially crafted server reply may cause memory overwrite and arbitrary code execution. CVE-2013-6487. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.03908
Exploits: 0 | References: 3
Atlassian
added 2014/02/13 11:39 p.m. | 22 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46610. Answers currently uses a single URL to both accept and un-accept answers: $baseurl/acceptanswer/$answeri...

AI score: 0.6
Exploits: 0 | Affected Software: 1
Atlassian
added 2014/02/13 11:39 p.m. | 15 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

Answers currently uses a single URL to both accept and un-accept answers: $baseurl/acceptanswer/$answerid. If this URL is requested and the answer in question is currently un-accepted, its state will be changed to accepted. If the answer in question is already accepted, it will...

AI score: 0.7
Exploits: 0 | Affected Software: 1
Atlassian
added 2014/02/13 11:39 p.m. | 20 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46610. Answers currently uses a single URL to both accept and un-accept answers: $baseurl/acceptanswer/$answerid...

AI score: 0.6
Exploits: 0 | Affected Software: 1
Atlassian
added 2014/02/13 11:39 p.m. | 18 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46610. Answers currently uses a single URL to both accept and un-accept answers: $baseurl/acceptanswer/$answerid...

AI score: 0.6
Exploits: 0
Tenable Nessus
added 2014/01/16 12:0 a.m. | 24 views

Juniper Junos SRX Series flowd Remote DoS (JSA10611)

According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a denial of service vulnerability in the flow daemon flowd when handling certain valid HTTP protocol messages. A remote attacker can exploit this to crash the device. Note that this issue only...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00462
Exploits: 0 | References: 2
OpenVAS
added 2014/01/15 12:0 a.m. | 23 views

Juniper Networks Junos OS Denial of Service Vulnerability while Processing HTTP Traffic

Denial of Service vulnerability in flowd while processing valid HTTP traffic. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.8 | AI score: 5.2 | EPSS: 0.00462
Exploits: 0 | References: 2
exploitpack
added 2014/01/14 12:0 a.m. | 20 views

Oracle Supply Chain Products Suite - Remote Security

Oracle Supply Chain Products Suite - Remote Security source: https://www.securityfocus.com/bid/64836/info Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management. The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub...

AI score: 7.4
Exploits: 0
Exploit DB
added 2014/01/14 12:0 a.m. | 34 views

Oracle Supply Chain Products Suite - Remote Security

source: https://www.securityfocus.com/bid/64836/info Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management. The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected. Attackers can exploit this issue...

AI score: 7.4
Exploits: 0
myhack58
added 2013/12/16 12:0 a.m. | 10 views

Analysis under Windows platform Android app caught mining vulnerability method-vulnerability warning-the black bar safety net

0×0 1 A generally idea In Android 7 5% of the market share, all kinds of Android application layer not poor, the attendant is the wave of the vulnerability. In various markets, feel free to flip it, are almost always connected to the network application, which in to the user experience but also t...

AI score: 6.8
Exploits: 0
myhack58
added 2013/11/19 12:0 a.m. | 24 views

A jingdong log security vulnerabilities-vulnerability warning-the black bar safety net

Table of Contents 1 Introduction 2 the inspection process 3 Summary 1 Introduction Recently looking at an open source site code, found if the login page via the http Protocol requests, will be redirected to use the https Protocol of the url, so you can ensure login security. Today a whim, want to...

AI score: 7.1
Exploits: 0
Nmap
added 2013/08/23 1:53 a.m. | 125 views

http-feed NSE Script

This script crawls through the website to find any rss or atom feeds. The script, by default, spiders and searches within forty pages. For large web applications make sure to increase httpspider's maxpagecount value. Please, note that the script will become more intrusive though. Script Arguments...

CVSS: 10 | AI score: 9.4 | EPSS: 0.94176
Exploits: 33
Packet Storm
added 2013/06/17 12:0 a.m. | 46 views

Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting Multiple Cross Site Scripting Report-Timeline: ================ 2013-06-01: Researcher Notification 2013-06-03: RESPONSE 2013-06-07: Ask About the issues 2013-06-10: Vendor Feedback 2013-06-13: Not Fixed 2013-06-16: Full Disclosure I-VULNERABILITY -------------------------...

Exploits: 0
Tenable Nessus
added 2013/05/30 12:0 a.m. | 11 views

HTTP 500 Detection (Client)

Binary data 6853.prm...

AI score: 7.3
Exploits: 0
OpenVAS
added 2013/05/15 12:0 a.m. | 26 views

Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)

This host is missing an important security update according to Microsoft Bulletin MS13-039. OpenVAS Vulnerability Test $Id: secpodms13-039.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability 2829254 Authors: Arun Kallavi Copyright: Copyright c 2013...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.83169
Exploits: 1 | References: 3