3630 matches found
CVE-2014-8025
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801...
CVE-2014-8024
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789...
Buffer overflow
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM...
CVE-2014-7249
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM...
CVE-2014-7249
CVE-2014-7249 affects Allied Telesis/CentreCOM devices (AR/Router and related switches) with firmware before 2.9.1-21. A buffer overflow occurs when processing HTTP POST requests, enabling remote code execution. Affected products include AR440S/AR441S/AR442S/AR745/AR750S/AR750S-DP, AT-8624POE/2M,...
Flat Calendar 1.1 - HTML Injection
Flat Calendar 1.1 - HTML Injection !/usr/bin/perl -w Title : Flat Calendar v1.1 HTML Injection Exploit Download : http://www.circulargenius.com/flatcalendar/FlatCalendar-v1.1.zip Author : ZoRLu / [email protected] Website : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm ...
Scarlet Daisy Web CMS Cross Site Scripting
Scarlet Daisy Web CMS http://h4x0resec.blogspot.com Software info | App.: Scarlet Daisy Web Web Content Management System. | Software: http://www.scarletdaisy.com | Vulnerability Style: Cross Site Scripting | Date: "09.12.2014"...
Device42 DCIM Appliance Manager 'ping' Command Injection Vulnerability
Device42 DCIM Appliance Manager is prone to a command-injection vulnerability...
[ MDVSA-2014:213 ] curl
Mandriva Linux Security Advisory MDVSA-2014:213 http://www.mandriva.com/en/support/security/ Package: curl Date: November 18, 2014 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: Symeon Paraschoud...
Mandriva Linux Security Advisory : curl (MDVSA-2014:213)
Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires...
CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...
Updated curl packages fix CVE-2014-3707
Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires...
MGASA-2014-0444 Updated curl packages fix CVE-2014-3707
Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires...
Belkin N750 Router Unauthenticated Remote Command Execution (CVE-2014-1635)
A buffer overflow vulnerability has been reported in the Belkin N750 router. The vulnerability is due to improper input validation in the router's Web interface. A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the victim. Successful exploitation of this...
Debian DSA-3069-1 : curl - security update
Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and...
[SECURITY] [DLA 84-1] curl security update
Package: curl Version: 7.21.0-2.1+squeeze10 CVE ID: CVE-2014-3707 Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a...
DLA-84-1 curl - security update
Bulletin has no description...
[SECURITY] [DSA 3069-1] curl security update
Debian Security Advisory DSA-3069-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 07, 2014 http://www.debian.org/security/faq...
Debian Security Advisory DSA 3069-1 (curl - security update)
Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and...