
3709 matches found

myhack58
added 2016/04/07 12:0 a.m., 18 views

Cisco FirePower series firewall vulnerability allows malware to bypass detection - vulnerability warning - the black bar safety net

Cisco FirePower series firewall devices contain a security vulnerability that allows malware to bypass detection mechanisms. Cisco is working to issue a security update for the critical vulnerability CVE-2016-1345. The vulnerability affects one of Cisco's latest products, FirePower...

0.6 AI score
Exploits: 0

Tenable Nessus
added 2016/03/10 12:0 a.m., 32 views

openSUSE Security Update : nghttp2 (openSUSE-2016-314)

This update for nghttp2 fixes the following vulnerabilities: - CVE-2016-1544: A malicious remote attacker could have caused an out-of-memory condition due to unlimited incoming HTTP header fields (boo966514)...

3.3 CVSS, 6.8 AI score, 0.00886 EPSS
Exploits: 0, References: 2

Hacker One
added 2016/03/08 10:19 p.m., 35 views

LocalTapiola: CRLF injection in https://verkkopalvelu.lahitapiola.fi/

Hi there, There is an HTTP header injection on https://verkkopalvelu.lahitapiola.fi/a6/VerkkokauppaYTWAR/YT/Etusivu.jsf. It allows an attacker to set custom cookies and custom content, such as an XSS attack, within the response. PoC: The parameter p is vulnerable...

0.6 AI score
Exploits: 0

Tenable Nessus
added 2016/03/04 12:0 a.m., 25 views

Fedora 23 : nghttp2-1.7.1-1.fc23 (2016-ac861a840e)

CVE-2016-1544: Out of memory in nghttpd, nghttp, and libnghttp2_asio applications due to unlimited incoming HTTP header fields: https://github.com/tatsuhiro-t/nghttp2/releases/tag/v1.7.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

3.3 CVSS, 6.7 AI score, 0.00886 EPSS
Exploits: 0, References: 4

exploitpack
added 2016/03/02 12:0 a.m., 60 views

Gallery 2 2.0.2 - Multiple Vulnerabilities

Gallery 2 Multiple Vulnerabilities. Vendor: Bharat Mediratta; Product: Gallery 2; Version: = 2.0.2; Website: http://gallery.menalto.com/; BID: 16940; CVE: CVE-2006-1127, CVE-2006-1128; OSVDB: 23596, 23597; SECUNIA: 19104; PACKETSTORM: 44358. Description: Gallery2, t...

6.4 CVSS, 0.7 AI score, 0.03918 EPSS
Exploits: 2

OSV
added 2016/03/01 11:59 a.m., 10 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.4 AI score
Exploits: 0, References: 11

UbuntuCve
added 2016/03/01 11:59 a.m., 27 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.8 AI score, 0.03109 EPSS
Exploits: 0, References: 7

CVE
added 2016/03/01 11:0 a.m., 78 views

CVE-2016-2560

The CVE-2016-2560 issue affects phpMyAdmin series: 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through several vectors (crafted H...

6.1 CVSS, 6.2 AI score, 0.03109 EPSS
Exploits: 0, References: 11, Affected Software: 1

Cvelist
added 2016/03/01 11:0 a.m., 34 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.4 AI score, 0.03109 EPSS
Exploits: 0, References: 11

Debian CVE
added 2016/03/01 11:0 a.m., 24 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.8 AI score, 0.03109 EPSS
Exploits: 0

Debian CVE
added 2016/02/27 2:0 a.m., 34 views

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header...

7.5 CVSS, 7.4 AI score, 0.3067 EPSS
Exploits: 0

Tenable Nessus
added 2016/02/26 12:0 a.m., 9 views

FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)

Drupal Security Team reports: File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical); Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical); Open redirect via path manipulation (Base system - Drupal 6, 7...

5.6 AI score
Exploits: 0, References: 2

ThreatPost
added 2016/02/25 12:30 p.m., 12 views

Drupal Update Fixes 10 Vulnerabilities, One Critical

Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access...

0.3 AI score
Exploits: 0, References: 2

FreeBSD
added 2016/02/24 12:0 a.m., 13 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical); Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical); Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 ...

0.2 AI score
Exploits: 0, References: 1

OpenVAS
added 2016/02/22 12:0 a.m., 29 views

Mageia: Security Advisory (MGASA-2016-0080)

The remote host is missing an update for the...

7.5 CVSS, 7.7 AI score, 0.07013 EPSS
Exploits: 0, References: 6

Mageia
added 2016/02/19 8:40 a.m., 39 views

Updated nodejs packages fix security vulnerability

A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086). It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...

7.5 CVSS, 1.9 AI score, 0.07013 EPSS
Exploits: 0, References: 4

Friends Of PHP
added 2016/02/15 6:57 p.m., 20 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9 CVSS, 7.2 AI score, 0.01179 EPSS
Exploits: 0, Affected Software: 1

Friends Of PHP
added 2016/02/15 6:57 p.m., 23 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9 CVSS, 7.2 AI score, 0.01179 EPSS
Exploits: 0, Affected Software: 1

Hacker One
added 2016/02/08 2:45 a.m., 23 views

Paragon Initiative Enterprises: Blind SQL INJ

The test result seems to indicate a vulnerability because the response contains SQL Server errors. This suggests that the test managed to penetrate the application and reach the SQL query itself, by injecting hazardous characters. The following changes were applied to the original request: Added...

2.1 AI score
Exploits: 0

FreeBSD
added 2016/02/03 12:0 a.m., 47 views

nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio

Nghttp2 reports: Out of memory in nghttpd, nghttp, and libnghttp2_asio applications due to unlimited incoming HTTP header fields. nghttpd, nghttp, and libnghttp2_asio applications do not limit the memory usage for the incoming HTTP header field. If peer sends specially crafted HTTP/2 HEADERS frames...

3.3 CVSS, 1.8 AI score, 0.00886 EPSS
Exploits: 0, References: 1