3630 matches found
CVE-2016-1380
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171...
Cisco fixes high-risk network security equipment vulnerability - vulnerability warning - the black bar safety net
These defects can be exploited with specially crafted HTTP requests to cause a denial of service condition. Cisco has fixed four denial of service vulnerabilities that attackers could exploit to cause network security devices to stop properly handling network traffic...
Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability
A vulnerability in the parsing of HTTP POST requests in Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the proxy process becoming unresponsive. The vulnerability is due to a lack o...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its Web Security Appliance software. Exploitation of these vulnerabilities could cause a denial-of-service condition on an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories a...
Palo Alto PAN-OS Unauthenticated Buffer Overflow (PAN-SA-2016-0005) - Active Check
When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where improper handling of a buffer involved in the processing of SSL VPN requests can result in a device crash and possible remote code execution (RCE). SPDX-FileCopyrightText: 2016 Greenbone AG Some text...
A vulnerability in the Cisco Evolved Programmable Network Manager, a software tool for managing network services, and in the Cisco Prime Infrastructure, a software tool for managing network lifecycles, allows an attacker to execute arbitrary code.
The vulnerabilities of the Cisco Evolved Programmable Network Manager and the Cisco Prime Infrastructure network lifecycle management software exist due to insufficient verification of input data. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code using specially...
AirOS 6.x - Arbitrary File Upload
Exploit for cgi platform in category web applications. EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability: It's possible to overwrite any file and create new ones on AirMax systems, because "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's...
AirOS 6.x Arbitrary File Upload
Vulnerability: It's possible to overwrite any file and create new ones on AirMax systems, because "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's possible for an unauthenticated user to exploit this vulnerability. Example: Consider the following request:...
AirOS 6.x - Arbitrary File Upload
EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability: It's possible to overwrite any file and create new ones on AirMax systems, because "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's possible for an unauthenticated user to exploit this...
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Arbitrary Code Execution Vulnerabilities
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are both products of the U.S. company Cisco. PI is a set of solutions for wireless management built on Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a network...
DNN (DotNetNuke) < 8.0.1 Multiple Vulnerabilities
The version of DNN Platform (formerly DotNetNuke) running on the remote host is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of input to the 'returnurl' query string parameter before returning it to users. A remote attacker can...
Cisco ACE 4710 Device Manager GUI Remote Command Injection Vulnerability (cisco-sa-20160224-ace)
The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device is an A5 version prior to A5(3.0). It is, therefore, affected by a remote command injection vulnerability in the Device Manager GUI due to improper validation of user-supplied input in HTTP POST requests...
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface (CLI) command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...
[SECURITY] Fedora 22 Update: mingw-curl-7.47.0-1.fc22
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
Cisco Small Business 500 Series Wireless Access Point Configuration Modification Vulnerability
A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system. The vulnerability is due to insufficient validation of user-controlled...
[SECURITY] [DLA 392-1] roundcube security update
Package: roundcube; Version: 0.3.1-6+deb6u1; CVE ID: CVE-2015-8770. High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in the popular webmail client Roundcube. The vulnerability can be exploited to gain access to sensitive information and, under certain circumstances, to...
roundcubemail: remote code execution
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. The vulnerability can be exploited to gain access to sensitive information and, under certain circumstances, to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...
Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)
The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialization of unauthenticated Java objects by the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this by sending a crafted...
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Advisory ID: HTB23281; Product: bitrix.mpbuilder Bitrix module; Vendor: www.1c-bitrix.ru; Vulnerable Versions: 1.0.10 and probably prior; Tested Version: 1.0.10; Advisory Publication: November 18, 2015 (without technical details); Vendor Notification: November 18, 2015; Vendor Patch: November 25, 2015...
Potential Command Injection
Overview: When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command...