5908 matches found
Cisco HyperFlex UI Clickjacking Vulnerability
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Airties AIR5342 1.0.0.18 - Cross-Site Scripting Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR534...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442,...
SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques
SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...
Debian DLA-1523-1 : asterisk security update
Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the reshttpwebsocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket. For Debian 8 'Jessie', this...
[SECURITY] [DLA 1523-1] asterisk security update
Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the reshttpwebsocket.so module that allowed remote attackers to crash Asterisk via special...
Cisco IOS XE Software Web UI Denial of Service Vulnerability
A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker...
CVE-2018-1149
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
Code injection
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
CVE-2018-1149
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
CVE-2018-1330
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...
CVE-2018-1330
CVE-2018-1330 affects Apache Mesos (libprocess) with versions 1.4.0–1.5.0. The issue stems from parsing a malformed JSON payload and an assertion in chunked HTTP trailer handling, leading to an uncaught exception and a crash. The documented impact is a denial of service that renders Mesos masters...
CVE-2018-16710
CVE-2018-16710 affects OctoPrint 1.3.9 and earlier, where remote attackers can obtain sensitive information or cause a denial of service via HTTP requests on port 8081. The Red Hat and OSV/NVD entries reiterate this issue; vendor notes warn against exposing OctoPrint to the public internet. The a...
CVE-2018-16710
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the...
U.S. Dept Of Defense: SSRF on ████████
Summary: The web application hosted on the "███████" domain is affected by a Server Side Request Forgery SSRF vulnerability that could allows an attacker to force the application to make requests to arbitrary targets. Description: The affected handler is the "/xmlrpc/pingback/". This handler...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
Amazon Linux 2 : httpd (ALAS-2018-1062)
By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33. CVE-2018-8011 C Tenable Network Security, Inc. The descriptive text...
CVE-2018-3856
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...
Command injection
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...
CVE-2018-3856
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...