5908 matches found
Input validation
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...
CVE-2018-0196
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...
Important: Red Hat Security Advisory: ceph security update
An update for ceph is now available for Red Hat Ceph Storage 3.0 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Design/Logic Flaw
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...
CVE-2018-8065
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...
CVE-2018-8065
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs...
CVE-2018-8065
CVE-2018-8065 affects Flexense SyncBreeze Enterprise 10.6.24 and earlier, where the web server component (syncbrs.exe) is vulnerable to a user‑mode write access memory violation triggered by sending requests with long HTTP headers or long URIs. The issue enables a Denial of Service condition, wit...
F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K18174924)
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...
Ubuntu 14.04 LTS / 16.04 LTS : Twisted vulnerability (USN-3585-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3585-1 advisory. It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code. Tenable...
USN-3585-1 twisted vulnerability
It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code...
CVE-2018-7048
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service memory consumption via a crafted HTTP request...
MGASA-2018-0147 Updated cups packages fix security vulnerability
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...
Updated cups packages fix security vulnerability
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...
Oracle Database Attacking Tool: ODAT
ODAT Oracle Database Attacking Tool is an open source penetration testing tool that tests the security of Oracle Databases remotely . Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...
Ubuntu 14.04 LTS / 16.04 LTS : CUPS vulnerability (USN-3577-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3577-1 advisory. Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to localhost.localdomain from the loopback interface. If a user were...
Sql injection
Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests tha...
CVE-2017-15329
Huawei UMA Product vulnerability CVE-2017-15329 is a SQL injection in the operation and maintenance module of UMA V200R001C00 due to insufficient input validation of HTTP requests. An attacker authenticated as a regular user can send crafted requests to execute arbitrary SQL queries. Public refer...
TypeSetter CMS 5.1 - Cross-Site Request Forgery
TypeSetter CMS 5.1 - Cross-Site Request Forgery Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/...
TypeSetter CMS 5.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com...
TypeSetter CMS 5.1 - Cross-Site Request Forgery
Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1...