Web Application Vulnerability Scanner: Wapiti

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

Wapiti 3.0.0 - The Web-Application Vulnerability Scanner

Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans it does not study the source code of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

Inflection: XST(Cross Site Tracing)

Researcher reported that OPTIONS and TRACE HTTP methods are enabled. HTTP configuration best practices are not currently in scope for our HackerOne program, so we closed the report. Researcher requested that we disclose it...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Apache OpenMeetings < 3.3.0 Multiple Vulnerabilities

Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:openmeetings";...

CVE-2015-0689

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...

Design/Logic Flaw

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...

CVE-2015-0689

Cisco Cloud Web Security (CWS) prior to version 3.0.1.7 is affected by CVE-2015-0689. The root cause is improper handling of HTTP methods in the connector engine, which allows remote attackers to bypass the product’s filtering protection. The impact is bypass of the intended content filtering (no...

CVE-2015-0689

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

CVE-2017-12212

Cisco Unity Connection (v10.5(2) with default config) is affected by a reflected cross-site scripting (XSS) vulnerability in its web framework. The issue arises from insufficient input validation on HTTP GET/POST parameters, allowing an unauthenticated, remote attacker to persuade a user to follo...

CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

HTTP Load Generator: hey

hey is a tiny program that sends some load to a web application – ApacheBench ab replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom . Installation go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage hey runs provided numbe...

CVE-2017-7685

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

Design/Logic Flaw

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

CVE-2017-7685

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

CVE-2017-7685

Apache OpenMeetings 1.0.0 is reported to respond to insecure HTTP methods (PUT, DELETE, HEAD, PATCH). The available connected sources confirm this behavior but do not provide concrete details on root cause, affected versions beyond 1.0.0, exploit scenarios, or remediation steps. No fixes or mitig...