
3630 matches found

Kitploit
added 2013/01/09 6:22 a.m., 27 views

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

This tutorial shows how you can easily take out an Apache web server with one HTTP POST tool using a standard slow DSL connection. This is NO Slowloris attack! Limitations of the HTTP GET DDoS attack: - Does not work on IIS web servers or web servers with timeout limits for HTTP headers. - Easily...

7.2 AI score
Exploits: 0
ThreatPost
added 2012/12/11 7:41 p.m., 9 views

'Sanny' Malware Targeting Russian Space, IT, Telecom Industries

Attackers, purportedly hailing from Korea, have been targeting individuals in Russia’s aerospace, IT, education and telecommunication industries with hopes of extracting their passwords and credentials. According to a post on FireEye’s Malware Intelligence Lab by researchers Alex Lanstein and Ali...

Exploits: 0, References: 1
exploitpack
added 2012/12/09 12:0 a.m., 47 views

Clipbucket 2.6 Revision 738 - Multiple SQL Injections

Clipbucket 2.6 Revision 738 - Multiple SQL Injections Advisory ID: HTB23125 Product: ClipBucket Vendor: clip-bucket.com Vulnerable Versions: 2.6 Revision 738 and probably prior Tested Version: 2.6 Revision 738 Vendor Notification: November 7, 2012 Vendor Patch: November 28, 2012 Public Disclosure...

7.5 CVSS, 0.4 AI score, 0.06477 EPSS
Exploits: 5
htbridge
added 2012/11/07 12:0 a.m., 26 views

Multiple SQL Injection vulnerabilities in ClipBucket

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...

7.5 CVSS, 8.5 AI score, 0.06477 EPSS
Exploits: 5, Affected Software: 1
Cisco
added 2012/10/31 4:7 p.m., 20 views

Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability

Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...

8.5 CVSS, 1.1 AI score, 0.00246 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2012/10/24 12:0 a.m., 41 views

Ubuntu 11.04 / 11.10 / 12.04 LTS / 12.10 : python3.2 vulnerabilities (USN-1615-1)

It was discovered that Python distutils contained a race condition when creating the /.pypirc file. A local attacker could exploit this to obtain sensitive information. CVE-2011-4944 It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A...

6.4 CVSS, 7.3 AI score, 0.03924 EPSS
Exploits: 6, References: 5
Prion
added 2012/09/28 5:55 p.m., 19 views

Cross site request forgery (csrf)

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...

4.9 CVSS, 6.9 AI score, 0.00423 EPSS
Exploits: 0, References: 6, Affected Software: 2
CVE
added 2012/09/28 5:0 p.m., 62 views

CVE-2012-3459

CVE-2012-3459 affects Cumin (as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0). The vulnerability arises when remote authenticated users send crafted additional parameters in an HTTP POST, triggering a Condor job attribute change request and potentially enabling privilege esc...

4.9 CVSS, 6.5 AI score, 0.00423 EPSS
Exploits: 0, References: 6, Affected Software: 2
erpscan
added 2012/09/25 12:0 a.m., 23 views

SAP NetWeaver Management Console (gSOAP) - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...

0.5 AI score
Exploits: 0
exploitpack
added 2012/09/20 12:0 a.m., 24 views

Thomson Wireless VoIP Cable Modem - Authentication Bypass

Thomson Wireless VoIP Cable Modem - Authentication Bypass Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other...

0.5 AI score
Exploits: 0
Packet Storm
added 2012/09/17 12:0 a.m., 36 views

Netsweeper WebAdmin Portal CSRF / XSS / SQL Injection

Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and SQL Injection "The later" Date: Discovered and reported CSRF and XSS 4/2012 and "The later" 7/2012 Author: Jacob Holcomb/Gimppy042 Software Link: Netsweeper Inc. - Netsweeper Internet Filter www.netsweeper.com CVE :...

10 CVSS, 0.8 AI score, 0.0743 EPSS
Exploits: 7
Packet Storm
added 2012/08/29 12:0 a.m., 45 views

ASP-DEv XM Forums RC 3 SQL Injection

Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Download Link :...

0.6 AI score
Exploits: 0
exploitpack
added 2012/07/13 12:0 a.m., 26 views

Magento eCommerce - Local File Disclosure

Magento eCommerce - Local File Disclosure SEC Consult Vulnerability Lab Security Advisory title: Local file disclosure via XXE injection product: Magento eCommerce Platform Enterprise & Community Edition vulnerable version:...

7.4 AI score
Exploits: 0
securityvulns
added 2012/07/09 12:0 a.m., 61 views

CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been...

0.2 AI score, 0.00249 EPSS
Exploits: 0
OpenVAS
added 2012/07/09 12:0 a.m., 46 views

RedHat Update for ruby RHSA-2012:0069-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2012:0069-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

7.8 CVSS, 8.8 AI score, 0.01411 EPSS
Exploits: 2, References: 2
NVD
added 2012/06/26 10:23 a.m., 18 views

CVE-2012-2380

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...

6.8 CVSS, 7.2 AI score, 0.00249 EPSS
Exploits: 0, References: 1
Prion
added 2012/06/26 10:23 a.m., 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...

6.8 CVSS, 7.8 AI score, 0.00249 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cisco
added 2012/06/13 3:31 p.m., 27 views

Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability

Cisco Scientific Atlanta cable modems D20 and D30 based products contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. An...

4.3 CVSS, 6.5 AI score, 0.00263 EPSS
Exploits: 0, References: 1
0day.today
added 2012/06/08 12:0 a.m., 20 views

Wordpress Plugins - Carousel slideshow Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications...

7.1 AI score
Exploits: 0
seebug.org
added 2012/05/21 12:0 a.m., 32 views

Oracle Weblogic Apache Connector POST Request Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1 AI score, 0.80777 EPSS
Exploits: 9