120 matches found

Tenable Nessus
added 2020/05/01 12:0 a.m., 40 views

Juniper Junos Local File Include Vulnerability (JSA11021)

According to the self-reported version of Junos OS on the remote device, it is affected by a local file inclusion vulnerability in the HTTP/HTTPS service. An unauthenticated remote attacker can exploit this to perform local file inclusion (LFI), path traversal or may be able to inject commands into the...

CVSS 9.8, AI score 8.4, EPSS 0.05398
Exploits 0, References 2

ATTACKERKB
added 2020/04/27 12:0 a.m., 17 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability...

CVSS 9.8, AI score 9.6, EPSS 0.05398
In wild, Exploits 0, References 2

RedhatCVE
added 2019/10/23 7:51 p.m., 62 views

CVE-2019-18348

A CRLF injection flaw was discovered in Python in the way URLs are handled when doing an HTTP/HTTPS connection (e.g. through urlopen or HTTPConnection). An attacker who can control the url parameter passed to the urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by...

CVSS 6.5, AI score 7, EPSS 0.02672
Exploits 0, References 3

Kitploit
added 2019/08/28 9:51 p.m., 474 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features: For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

AI score 7.1
Exploits 0, References 15

Tenable Nessus
added 2019/08/12 12:0 a.m., 39 views

openSUSE Security Update : rmt-server (openSUSE-2019-1824)

This update for rmt-server to version 2.3.1 fixes the following issues : - Fix mirroring logic when errors are encountered bsc1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc1132690 - Add rmt-server-config subpackag...

CVSS 9.8, AI score 7.2, EPSS 0.12118
Exploits 3, References 15

NVD
added 2019/07/04 8:15 p.m., 20 views

CVE-2019-1884

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for...

CVSS 7.7, AI score 7.5, EPSS 0.00356
Exploits 0, References 1

Cisco
added 2019/07/03 4:0 p.m., 122 views

Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for...

CVSS 7.7, AI score 2.2, EPSS 0.00356
Exploits 0, References 1

OSV
added 2019/05/30 6:11 a.m., 4 views

SUSE-SU-2019:1381-1 Security update for rmt-server

This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...

CVSS 9.8, AI score 9.1, EPSS 0.12118
Exploits 3, References 15

NVD
added 2019/05/01 8:29 p.m., 11 views

CVE-2019-10952

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...

CVSS 9.8, AI score 9.9, EPSS 0.00511
Exploits 0, References 3

Cvelist
added 2019/05/01 7:2 p.m., 25 views

CVE-2019-10952 Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...

AI score 9.9, EPSS 0.00511
Exploits 0, References 3

Fedora
added 2019/04/29 2:15 a.m., 22 views

[SECURITY] Fedora 29 Update: aria2-1.34.0-4.fc29

aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy...

CVSS 7.8, AI score 1.7, EPSS 0.0011
Exploits 1

Fedora
added 2019/04/29 1:9 a.m., 24 views

[SECURITY] Fedora 28 Update: aria2-1.34.0-4.fc28

aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy...

CVSS 7.8, AI score 1.7, EPSS 0.0011
Exploits 1

Debian CVE
added 2019/03/28 4:20 p.m., 39 views

CVE-2019-5737

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...

CVSS 7.5, AI score 6.9, EPSS 0.26351
Exploits 0

Cvelist
added 2019/03/28 4:20 p.m., 34 views

CVE-2019-5737

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...

AI score 7.8, EPSS 0.26351
Exploits 0, References 7

Hacker One
added 2019/03/28 3:20 a.m., 7 views

Lob: Blind SSRF/XSPA on dashboard.lob.com + blind code injection

Summary: I was just playing around with the website and I found blind XSPA at the time of creating Templates on dashboard.lob.com. Steps To Reproduce: 1. Go to https://dashboard.lob.com//templates 2. Now click on create template and insert this code in HTML : "'" / and click on create. 3. Now click on...

AI score 0.9
Exploits 0

Veracode
added 2018/11/30 5:44 a.m., 32 views

Denial Of Service (DoS)

node is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...

CVSS 7.5, AI score 7.3, EPSS 0.02342
Exploits 0, References 6, Affected Software 5

Tenable Nessus
added 2018/11/23 12:0 a.m., 30 views

Debian DLA-1585-1 : ruby-rack security update

It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8 'Jessie', this issue has been fixed in ruby-rack version 1.5.2-3+deb8u2. We recommend that y...

CVSS 6.1, AI score 6.5, EPSS 0.00829
Exploits 0, References 3

Debian
added 2018/11/21 1:27 p.m., 223 views

[SECURITY] [DLA 1585-1] ruby-rack security update

Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...

CVSS 6.1, AI score 6.2, EPSS 0.00829
Exploits 0

Kitploit
added 2018/09/08 9:9 p.m., 103 views

htrace.sh - Simple Shell Script To Debugging HTTP/HTTPS Traffic Tracing, Response Headers And Mixed-Content

htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors (e.g. redirect loops). It also displays basic information about the SSL configuration (if available), response headers, checks for mixed content and performs security scans using Nmap scripts and...

AI score 6.6
Exploits 0, References 7

Tenable Nessus
added 2018/07/20 12:0 a.m., 29 views

Juniper Junos HTTP/HTTPS Firewall User Authentication Remote Information Disclosure (JSA10858)

According to its self-reported version number, the remote Junos device is affected by a remote information disclosure vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(111205); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date",...

CVSS 8.1, AI score 6.9, EPSS 0.0021
Exploits 0, References 2