275 matches found
IoT Botnet Uses HTTP Traffic to DDoS Targets
The IoT botnet behind some of the largest publicly recorded DDoS attacks is flooding its targets with HTTP traffic, generating more than one million requests per second in some cases, in order to bring down web applications. The attacks were recorded prior to the release of the source code fuelin...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Design/Logic Flaw
WebReports in IBM BigFix Platform formerly Tivoli Endpoint Manager 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic...
CVE-2016-0397
WebReports in IBM BigFix Platform formerly Tivoli Endpoint Manager 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic...
CVE-2016-5386
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...
CVE-2016-5386
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-5306
Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
SwitchBlade Denial of Service Tool
SwitchBlade is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...
SadAttack Denial of Service Tool
SadAttack is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...
Samsung Windows Laptop Owners Urged To Download Fix To MitM Vulnerability
Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop. The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16”...
Server side request forgery (ssrf)
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
XcodeGhost iOS App Malware Contained
Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...
Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass
Binary data scadarockwellmicrologix1100plcmitm470156.nbin...
Stealthy PHP Web Shell Backdoor: Weevely
Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dinamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...