809 matches found

OSV
added 2013/01/04 11:52 a.m. | 8 views

CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

6.7 AI score
Exploits 0 | References 2

Prion
added 2013/01/04 11:52 a.m. | 19 views

Stack overflow

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

5 CVSS | 7.3 AI score | 0.29742 EPSS
Exploits 0 | References 2 | Affected Software 2

securityvulns
added 2012/07/23 12:0 a.m. | 130 views

DomsHttpd 1.0 <= Remote Denial Of Service

DomsHttpd 1.0 <= Remote Denial Of Service Discovered by: Jean Pascal Pereira [email protected] About DomsHttpd: "A very simple HTTP protocol program base on asynchronous socket model." Vendor URI: http://domshttpd.codeplex.com/ The remote attacker has the possibility to crash the application by...

1 AI score
Exploits 0

Nmap
added 2012/07/01 9:55 a.m. | 381 views

http-sitemap-generator NSE Script

Spiders a web server and displays its directory structure along with number and types of files in each folder. Note that files listed as having an 'Other' extension are ones that have no extension or that are a root document. Script Arguments http-sitemap-generator.withindomain only spider URLs...

10 CVSS | 0.1 AI score | 0.94176 EPSS
Exploits 33

OpenVAS
added 2012/06/22 12:0 a.m. | 19 views

RedHat Update for sblim-cim-client2 RHSA-2012:0987-04

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS | 6.5 AI score | 0.0063 EPSS
Exploits 0 | References 2

OpenVAS
added 2012/04/25 12:0 a.m. | 21 views

Ctek SkyRouter 4200 and 4300 Series Routers Remote Arbitrary Command Execution Vulnerability

Ctek SkyRouter 4200 and 4300 series routers are prone to a remote arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

10 CVSS | 6.7 AI score | 0.8341 EPSS
Exploits 2 | References 1

Tenable Nessus
added 2012/03/26 12:0 a.m. | 21 views

FreeBSD : Apache Traffic Server -- heap overflow vulnerability (acab2f88-7490-11e1-865f-00e0814cab4e)

CERT-FI reports: A heap overflow vulnerability has been found in the HTTP (Hypertext Transfer Protocol) protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message ...

5 CVSS | 5.6 AI score | 0.01643 EPSS
Exploits 1 | References 2

FreeBSD
added 2012/03/22 12:0 a.m. | 29 views

Apache Traffic Server -- heap overflow vulnerability

CERT-FI reports: A heap overflow vulnerability has been found in the HTTP (Hypertext Transfer Protocol) protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...

5 CVSS | 7 AI score | 0.01643 EPSS
Exploits 1

Tenable Nessus
added 2012/03/05 12:0 a.m. | 21 views

Oracle Fusion Middleware Web Services Manager Unspecified Remote Information Disclosure

The version of one or more Fusion Middleware products installed on the remote host indicates a susceptibility to an unspecified, remote information disclosure attack related to the Web Services Manager Security Component accessible via the HTTP protocol. C Tenable Network Security, Inc...

5 CVSS | 5.5 AI score | 0.00295 EPSS
Exploits 0 | References 1

Nmap
added 2012/01/02 11:37 a.m. | 90 views

riak-http-info NSE Script

Retrieves information such as node name and architecture from a Basho Riak distributed database using the HTTP protocol. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...

10 CVSS | 0.2 AI score | 0.94176 EPSS
Exploits 33

Packet Storm
added 2011/12/23 12:0 a.m. | 27 views

PmWiki 2.2.34 Remote PHP Code Injection Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PmWiki %q This...

7.5 CVSS | 0.1 AI score | 0.84053 EPSS
Exploits 12

OpenVAS
added 2011/10/24 12:0 a.m. | 14 views

PreProjects Pre Studio Business Cards Designer 'page.php' SQL Injection Vulnerability

Pre Studio Business Cards Designer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user- supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

7.8 AI score
Exploits 0 | References 1

OpenVAS
added 2011/09/23 12:0 a.m. | 20 views

EasySiteEdit 'sublink.php' Remote File Include Vulnerability

EasySiteEdit is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. OpenVAS Vulnerability Test $Id:...

0.2 AI score
Exploits 0 | References 2

ThreatPost
added 2011/08/26 4:1 p.m. | 9 views

Apache Plans Range Header Bug Fix in Next Day

The Apache Software Foundation plans to have a fix available in the next day or so for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain...

7.2 AI score
Exploits 0 | References 3

exploitpack
added 2011/08/26 12:0 a.m. | 30 views

Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow

Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow Sunway Force Control SCADA httpsvr.exe Exploit Exploitable with simple SEH Overwrite technique Tested on XP SP0 English Probably will work on XP SP3 if you find none-safeseh dll for p/p/r pointer Canberk BOLAT | @cnbrkbolat...

0.5 AI score
Exploits 0

seebug.org
added 2011/07/20 12:0 a.m. | 21 views

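Oracle PeopleSoft Enterprise Remote FSCM Vulnerability (CVE-2011-2272)

BUGTRAQ ID: 48777 CVE ID: CVE-2011-2272 PeopleSoft enterprise software integrates multiple business functions, including human resources, customer relationship, supply and demand, and financial management. The PeopleSoft PeopleTools gateway administration servlet has an information disclosure issue. PeopleSoft Enterprise PeopleTools has a security vulnerability in its HRMS implementation; a remote attacker can exploit this vulnerability over the 'HTTPs' protocol to affect the eProcurement subcomponent, to update, insert, or delete accessible data in PeopleSoft Enterprise FSCM without authorization, and to read a subset of that data without authorization. Oracle PeopleSoft Enterpri...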

5.5 CVSS | 6.4 AI score | 0.00197 EPSS
Exploits 1

OpenVAS
added 2011/03/15 12:0 a.m. | 18 views

Fedora Update for pywebdav FEDORA-2011-2470

Check for the Version of pywebdav OpenVAS Vulnerability Test Fedora Update for pywebdav FEDORA-2011-2470 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS | 0.5 AI score | 0.01021 EPSS
Exploits 0 | References 2

0day.today
added 2011/02/03 12:0 a.m. | 34 views

Majordomo2 - Directory Traversal (SMTP/HTTP)

Exploit for multiple platform in category remote exploits Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Google dork:inurl:mjwwwusr Special thanks to Dave...

7.1 AI score | 0.90582 EPSS
Exploits 10

myhack58
added 2010/11/23 12:0 a.m. | 75 views

Tomcat remote denial of service vulnerability analysis (CVE-2010-2227)-vulnerability warning-the black bar safety net

The present article is an analysis of the POC process, the pressure of the N months, and now before the issue. Using the analysis of POC, Tomcat in addition to the latest versionsee the specific website, and JBOSS in addition to the latest version, can fight, POC see the article. JBOSS official h...

6.4 CVSS | 5.5 AI score | 0.80174 EPSS
Exploits 2

CERT
added 2010/11/03 12:0 a.m. | 14 views

NetSupport Manager Gateway transmits identifying information in plaintext

Overview The NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients is not encrypting http headers sent between systems. Description The NetSupport HTTP protocol implementation used for...

7 AI score
Exploits 0 | References 1