Lucene search
+L

275 matches found

ThreatPost
ThreatPost
added 2016/10/11 11:52 a.m.13 views

IoT Botnet Uses HTTP Traffic to DDoS Targets

The IoT botnet behind some of the largest publicly recorded DDoS attacks is flooding its targets with HTTP traffic, generating more than one million requests per second in some cases, in order to bring down web applications. The attacks were recorded prior to the release of the source code fuelin...

7.3AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/09/25 10:59 a.m.58 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

9.1CVSS7.3AI score0.01345EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/09/25 10:0 a.m.50 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

8AI score0.01345EPSS
Exploits0References6
Prion
Prion
added 2016/08/30 5:59 p.m.17 views

Design/Logic Flaw

WebReports in IBM BigFix Platform formerly Tivoli Endpoint Manager 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic...

4.3CVSS6.5AI score0.01116EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/08/30 5:0 p.m.22 views

CVE-2016-0397

WebReports in IBM BigFix Platform formerly Tivoli Endpoint Manager 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic...

6.3AI score0.01116EPSS
Exploits0References2
NVD
NVD
added 2016/07/19 2:0 a.m.22 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS7.8AI score0.0522EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2016/07/19 1:0 a.m.71 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

8.1CVSS8.3AI score0.55724EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/07/18 2:0 p.m.32 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS6.9AI score0.0522EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/07/18 2:0 p.m.30 views

CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS6.9AI score0.50427EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/07/18 2:0 p.m.46 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

8.1CVSS6.9AI score0.50896EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/06/30 11:0 p.m.31 views

CVE-2016-5306

Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...

5.5AI score0.02076EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2016/04/03 12:0 a.m.1 views

SwitchBlade Denial of Service Tool

SwitchBlade is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/30 12:0 a.m.1 views

SadAttack Denial of Service Tool

SadAttack is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...

2.6AI score
Exploits0
ThreatPost
ThreatPost
added 2016/03/10 2:18 p.m.16 views

Samsung Windows Laptop Owners Urged To Download Fix To MitM Vulnerability

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop. The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16”...

0.4AI score
Exploits0References4
Prion
Prion
added 2015/11/18 9:59 p.m.26 views

Server side request forgery (ssrf)

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

4.3CVSS7AI score0.04482EPSS
Exploits1References9Affected Software2
NVD
NVD
added 2015/11/18 9:59 p.m.27 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

4.3CVSS3.9AI score0.04482EPSS
Exploits1References9
Cvelist
Cvelist
added 2015/11/18 9:0 p.m.34 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

3.8AI score0.04482EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2015/09/21 1:0 p.m.19 views

XcodeGhost iOS App Malware Contained

Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...

7.2AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/07/07 12:0 a.m.17 views

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

Binary data scadarockwellmicrologix1100plcmitm470156.nbin...

9.3CVSS7.3AI score0.08121EPSS
Exploits0References3
n0where
n0where
added 2015/07/02 10:56 a.m.46 views

Stealthy PHP Web Shell Backdoor: Weevely

Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dinamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...

0.1AI score
Exploits0References8
Rows per page
Query Builder