3630 matches found

OSV
added 2014/11/07 12:0 a.m., 24 views

DSA-3069-1 curl - security update

Bulletin has no description...

CVSS 4.3, AI score 7.8, EPSS 0.00226
Exploits: 0

OpenVAS
added 2014/11/06 12:0 a.m., 32 views

Debian: Security Advisory (DSA-3069-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 9.7, EPSS 0.00226
Exploits: 0, References: 3

OSV
added 2014/11/05 8:0 a.m., 5 views

CURL-CVE-2014-3707 duphandle read out of bounds

libcurl's function curl_easy_duphandle() has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending. When doing an HTTP POST transfer with libcurl, you can use the CURLOPT_COPYPOSTFIELDS option to specify a memory area holding the data to send to the...

CVSS 4.3, AI score 6.2, EPSS 0.00226
Exploits: 0

Exploit DB
added 2014/10/28 12:0 a.m., 57 views

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

CVSS 4, AI score 6.6, EPSS 0.12302
Exploits: 6

myhack58
added 2014/10/16 12:0 a.m., 25 views

Drupal 7.31 hit by a serious SQL injection vulnerability - vulnerability warning - the black bar safety net

This morning a foreign security researcher exposed on Twitter the latest SQL injection vulnerability in Drupal 7.31 and gave EXP code for testing it. We built a local Drupal 7.31 environment, tested it, and found that the code can be successfully executed and the...

AI score 0.1
Exploits: 0

securityvulns
added 2014/10/15 12:0 a.m., 72 views

SQL Injection in Е2

Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...

CVSS 7.5, AI score 0.3, EPSS 0.01694
Exploits: 3

Saint
added 2014/10/10 12:0 a.m., 20 views

Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow

Added: 10/10/2014 CVE: CVE-2014-5289 BID: 69263 OSVDB: 110142 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

CVSS 9.8, AI score 9.7, EPSS 0.23218
Exploits: 13

Saint
added 2014/10/10 12:0 a.m., 33 views

Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow

Added: 10/10/2014 CVE: CVE-2014-5289 BID: 69263 OSVDB: 110142 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

CVSS 7.5, AI score 9.7, EPSS 0.23218
Exploits: 13

Saint
added 2014/10/10 12:0 a.m., 28 views

Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow

Added: 10/10/2014 CVE: CVE-2014-5289 BID: 69263 OSVDB: 110142 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

CVSS 5.8, AI score 9.7, EPSS 0.23218
Exploits: 13

Saint
added 2014/10/10 12:0 a.m., 34 views

Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow

Added: 10/10/2014 CVE: CVE-2014-5289 BID: 69263 OSVDB: 110142 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

CVSS 9.8, AI score 9.7, EPSS 0.23218
Exploits: 13

Vulnerability Lab
added 2014/10/10 12:0 a.m., 18 views

USB Disk Free v1.0 iOS - File Include Vulnerability

Document Title: USB Disk Free v1.0 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id= Release Date: 2014-10-10. Vulnerability Laboratory ID (VL-ID): 1340. Commo...

AI score 0.3
Exploits: 0

OpenVAS
added 2014/09/12 12:0 a.m., 31 views

Wing FTP Server <= 4.3.8 Authenticated Command Execution Vulnerability

Wing FTP Server is prone to an authenticated command execution vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 6.6
Exploits: 1, References: 2

seebug.org
added 2014/09/04 12:0 a.m., 21 views

Wing FTP Server Authenticated Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::CmdStager include Msf::Exploit::Remote::HttpClient def...

AI score 7.1
Exploits: 0

Exploit DB
added 2014/09/01 12:0 a.m., 94 views

Wing FTP Server - (Authenticated) Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wing FTP Server Authenticated Command Execution', 'Description' = %q This module exploits the embedded Lua interpreter in the admin w...

AI score 7.4
Exploits: 0

0day.today
added 2014/08/30 12:0 a.m., 33 views

Wing FTP Server Authenticated Command Execution Exploit

This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires...

AI score 7.7
Exploits: 0

Metasploit
added 2014/08/29 5:42 p.m., 38 views

Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 3.0.0 and above. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires Metasploit...

AI score 7.7
Exploits: 0

Packet Storm
added 2014/08/29 12:0 a.m., 19 views

Wing FTP Server Authenticated Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wing FTP Server Authenticated Command Execution', 'Description' = %q This module exploits the embedded Lua interpreter in the admin w...

AI score 0.3
Exploits: 0

OpenVAS
added 2014/08/29 12:0 a.m., 39 views

PhpWiki RCE Vulnerability

PhpWiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.4, EPSS 0.82624
Exploits: 4, References: 2

Check Point Advisories
added 2014/08/03 12:0 a.m., 5 views

Rocket Servergraph Admin Center fileRequestor Directory Traversal (CVE-2014-3914)

A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...

AI score 2.6, EPSS 0.83656
Exploits: 5

Kitploit
added 2014/07/31 1:3 a.m., 28 views

SlowHTTPTest - Application Layer DoS attack simulator

SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on the majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface for Microsoft Windows. It implements most common low-bandwidth Application Layer...

AI score 7
Exploits: 0