3630 matches found

Tenable Nessus
added 2013/07/02 12:0 a.m. | 38 views

ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass

According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.0. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'Content-Disposition' headers containing extra lines that could allo...

CVSS 5 | AI score 5.6 | EPSS 0.11456
Exploits 1 | References 3

Packet Storm
added 2013/07/02 12:0 a.m. | 19 views

FileCOPA 7.01 Denial Of Service

!/usr/bin/python Exploit Title: FileCOPA V7.01 HTTP POST Denial Of Service Date: 2013/7/1 Exploit Author: Chako Vendor Homepage: http://www.filecopa.com/ Software Download Link: http://www.filecopa.com/download.php Version: V7.01 Tested on: Windows 7 SP1 English import socket import sys PAYLOAD =...

Exploits 0

Tenable Nessus
added 2013/07/02 12:0 a.m. | 151 views

ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass

According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.1.1. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'application/x-www-form-urlencoded' content containing un-encoded NU...

CVSS 6.8 | AI score 5.7 | EPSS 0.23497
Exploits 1 | References 2

Check Point Advisories
added 2013/07/01 12:0 a.m. | 0 views

Web Servers HTTP POST Denial of Service

A denial of service vulnerability has been reported in multiple web servers...

AI score 6.9
Exploits 0

Mageia
added 2013/06/06 12:24 p.m. | 44 views

Updated php-geshi package fix security vulnerabilities

A directory traversal and information disclosure local file inclusion flaws were found in the cssgen contrib module application to generate custom CSS files of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote...

CVSS 4.3 | AI score 1.4 | EPSS 0.00623
Exploits 1 | References 1

Fedora
added 2013/05/25 12:15 p.m. | 28 views

[SECURITY] Fedora 17 Update: curl-7.24.0-9.fc17

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 5 | EPSS 0.02482
Exploits 1

0day.today
added 2013/05/14 12:0 a.m. | 31 views

Gallery Server Pro File Upload Filter Bypass Vulnerability

Gallery Server Pro suffers from a file upload filter bypass vulnerability. Gallery Server Pro File Upload Filter Bypass Vendor Link:...

AI score 7.2
Exploits 0

Fedora
added 2013/05/06 3:49 a.m. | 34 views

[SECURITY] Fedora 18 Update: curl-7.27.0-9.fc18

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 7.5 | EPSS 0.44202
Exploits 7

securityvulns
added 2013/05/06 12:0 a.m. | 30 views

Multiple Vulnerabilities in D-Link DSL-320B

Device: DSL-320B Firmware Version: EUDSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem ============ Vulnerability Overview: ============ Access to the Config file without authentication = full...

AI score 1.4
Exploits 0

0day.today
added 2013/04/20 12:0 a.m. | 24 views

MinaliC Webserver 2.0.0 Buffer Overflow Vulnerability

MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only. !/usr/bin/env python Title : MinaliC Webserver 2.0.0 Post Method Remote Command Execution Works for Windows Server 2003 sp2 Only Date: 12 Apr 2013 Exploit Author: Antoni...

AI score 7.4
Exploits 0

Packet Storm
added 2013/04/08 12:0 a.m. | 34 views

Vanilla Forums 2.0.18.4 SQL Injection

Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...

AI score 1.2
Exploits 0

0day.today
added 2013/04/08 12:0 a.m. | 16 views

Vanilla Forums 2-0-18-4 - SQL-Injection Vulnerability

SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated. To insert an arbitrary user, a sample HTTP-Post Request looks as follows: POST /PATH/vanilla/entry/signin HTTP/1.1 Host: HOST User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:19.0...

AI score 7
Exploits 0

The Hacker News
added 2013/04/02 5:0 a.m. | 22 views

Italian team discoveries flaw in Ruzzle protocol, serious menace to privacy

We are in digital era, everything is connected to the large networks and applications benefit of even more complex devices that deeply interact with owner, in this scenario security requirements assume a crucial importance and security of overall architecture also depend on security of single...

AI score 6.6
Exploits 0

OSV
added 2013/04/01 4:55 p.m. | 5 views

CVE-2013-2686

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which...

AI score 6.3
Exploits 0 | References 3

Prion
added 2013/04/01 4:55 p.m. | 23 views

Design/Logic Flaw

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which...

CVSS 5 | AI score 6.6 | EPSS 0.29742
Exploits 0 | References 3 | Affected Software 3

Cvelist
added 2013/03/29 6:0 p.m. | 28 views

CVE-2013-2686

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which...

AI score 6.2 | EPSS 0.02448
Exploits 0 | References 3

OpenVAS
added 2013/03/01 12:0 a.m. | 39 views

Fedora Update for curl FEDORA-2013-2098

Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2013-2098 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 7.5 | AI score 9.6 | EPSS 0.44202
Exploits 6 | References 2

Tenable Nessus
added 2013/01/24 12:0 a.m. | 39 views

RHEL 4 / 5 : jbossas (RHSA-2011:1309)

Updated jbossas packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.2.0.CP09 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...

CVSS 5 | AI score 5.6 | EPSS 0.03742
Exploits 0 | References 3

Tenable Nessus
added 2013/01/24 12:0 a.m. | 30 views

RHEL 4 / 5 : jbossws-common (RHSA-2011:1306)

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

CVSS 5 | AI score 5.6 | EPSS 0.03742
Exploits 0 | References 3

Tenable Nessus
added 2013/01/24 12:0 a.m. | 38 views

RHEL 4 / 5 / 6 : jbossws-common (RHSA-2011:1301)

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...

CVSS 5 | AI score 5.6 | EPSS 0.03742
Exploits 0 | References 3