Lucene search

419 matches found

n0where
added 2017/05/31 10:45 p.m., 30 views

Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks. Wreckuests is a script, which allows you to run DDoS attacks with HTTP-flood (GET/POST). It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features: Cache bypass with random ?abcd=efg...

7.4 AI score
Exploits 0, References 2
Tenable Nessus
added 2017/05/30 12:0 a.m., 30 views

Fedora 25 : webkitgtk4 (2017-98bc28ae9e)

This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...

8.8 CVSS, 7.5 AI score, 0.01191 EPSS
Exploits 3, References 4
NVD
added 2017/04/02 1:59 a.m., 14 views

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site...

8.1 CVSS, 7.1 AI score, 0.00705 EPSS
Exploits 0, References 4
Cvelist
added 2017/04/02 1:36 a.m., 19 views

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site...

7.5 AI score, 0.00705 EPSS
Exploits 0, References 4
OpenVAS
added 2017/03/31 12:0 a.m., 45 views

Apple Safari Multiple Vulnerabilities (HT207600)

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

8.8 CVSS, 6.7 AI score, 0.25094 EPSS
Exploits 60, References 11
Tenable Nessus
added 2017/03/31 12:0 a.m., 58 views

Safari < 10.1 Multiple Vulnerabilities

Binary data 700033.prm...

9.3 CVSS, 7.6 AI score, 0.25094 EPSS
Exploits 53, References 40
Tenable Nessus
added 2017/03/31 12:0 a.m., 45 views

Apple iOS < 10.3 Multiple Vulnerabilities

Binary data 700034.prm...

10 CVSS, 7.2 AI score, 0.25094 EPSS
Exploits 72, References 85
NVD
added 2017/03/23 8:59 p.m., 15 views

CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs...

3.5 CVSS, 3.5 AI score, 0.00209 EPSS
Exploits 0, References 2
CVE
added 2017/03/23 8:0 p.m., 32 views

CVE-2013-6446

The CVE concerns the JobHistory Server in Cloudera CDH 4.x prior to 4.6.0 and CDH 5.x prior to 5.0.0 Beta 2. When MRv2/YARN is used with HTTP authentication, remote authenticated users can obtain sensitive job information due to failure to enforce job ACLs. The description does not specify affect...

3.5 CVSS, 3.7 AI score, 0.00209 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/03/23 8:0 p.m., 15 views

CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs...

3.5 AI score, 0.00209 EPSS
Exploits 0, References 2
Hacker One
added 2017/01/01 11:12 p.m., 21 views

Shopify: CSRF in all API endpoints when authenticated using HTTP Authentication

Description: Short: I have found a CSRF vulnerability in all API endpoints /admin/anyapiendpoint/ if the current user has authenticated using HTTP authentication. Details: When a user generates API credentials for a private application in his shop he will be given API key and password that he can...

Exploits 0
ThreatPost
added 2016/08/22 3:58 p.m., 22 views

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities

Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi...

0.3 AI score
Exploits 0, References 4
Apple
added 2016/07/18 12:0 a.m., 80 views

About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004

About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 This document describes the security content of OS X El Capitan v10.11.6 and Security Update 2016-004. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm securi...

10 CVSS, 0.8 AI score, 0.79963 EPSS
Exploits 29, References 1, Affected Software 3
Hacker One
added 2016/06/25 11:41 a.m., 129 views

Informatica: [oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated

Issue The consultant identified that there is an unauthenticated installation of apache tomcat installed on the affected host. This particular installation has the /examples directory exposed which contains several scripts that execute server side code, these scripts can also be leveraged to carr...

0.2 AI score
Exploits 0
Tenable Nessus
added 2016/03/28 12:0 a.m., 39 views

Fedora 22 : webkitgtk4-2.10.9-1.fc22 (2016-68b43a4e0d)

This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...

9.3 CVSS, 7.8 AI score, 0.01695 EPSS
Exploits 0, References 1
Packet Storm
added 2016/03/24 12:0 a.m., 42 views

innovaphone IP222 11r2 sr9 Brute Force

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-018 Product: innovaphone IP222 Manufacturer: innovaphone AG Affected Versions: 11r2 sr9 Tested Versions: 11r2 sr9 Vulnerability Type: Improper Restriction of Excessive Authentication Attempts CWE-307 Risk Level: Medium Solutio...

7.4 AI score
Exploits 0
Tenable Nessus
added 2016/03/23 12:0 a.m., 33 views

Fedora 23 : webkitgtk4-2.10.9-1.fc23 (2016-7eb48a78dc)

This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...

9.3 CVSS, 7.8 AI score, 0.01695 EPSS
Exploits 0, References 1
Tenable Nessus
added 2016/02/18 12:0 a.m., 11 views

Default Credential Detection via HTTP Basic Authentication

Binary data 7141.pasl...

7.3 AI score
Exploits 0
Prion
added 2015/11/05 5:59 a.m., 14 views

Cross site request forgery (csrf)

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...

4.3 CVSS, 6.4 AI score, 0.0044 EPSS
Exploits 0, References 7, Affected Software 1
CVE
added 2015/11/05 2:0 a.m., 118 views

CVE-2015-4515

CVE-2015-4515 affects Mozilla Firefox before 42.0: when NTLM v1 is enabled for HTTP authentication, a crafted site can trigger an NTLM type 3 exchange that causes the Workstation field (hostname) to be disclosed to remote attackers. Impact is information disclosure of hostname/windows domain info...

4.3 CVSS, 8.9 AI score, 0.0044 EPSS
Exploits 0, References 7, Affected Software 1