[SECURITY] DLA-862-1: sitesummary regression update
Package : sitesummary Version : 0.1.8+deb7u2 Debian Bug : 852623 The fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 DLA-841-1 caused 852623 in sitesummary, breaking the sitesummary-upload functionality. To address this sitesummary-upload needs to be changed to send CRLF \r\n line endings to be...
Online Malware & URL Analysis: MalSub
Online Malware & URL Analysis malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces APIs . It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...
Apache Tomcat 8.5.7 < 8.5.11 / 9.0.0.M11 < 9.0.0.M17 nextRequest Information Disclosure
Binary data 700007.pasl...
Hikvision NVR Buffer Overflow Vulnerability (CNVD-2017-03883)
The Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 are both hard disk recorders from Hikvision, a Chinese company. A buffer overflow vulnerability exists in the Hikvision NVRs. It allows an attacker to cause a denial of service (service interruption) via a crafted HTTP request (i.e., an SDK issue)...
IBM WebSphere MQ Multiple Denial of Service Vulnerabilities (Mar 2017)
IBM WebSphere MQ is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
+ Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ============== solarwinds.com www.serv-u.com Product: ==================== FTP Voyager...
[SECURITY] [DLA 841-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u8 CVE ID : CVE-2016-8743 This upload fixes a security vulnerability in the header parsing code. David Dennerline, of IBM Security's X-Force Researchers, and Régis Leroy discovered problems in the way Apache handled a broad pattern of unusual whitespace...
Automattic: Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
Product / URL https://instagram-brand.com/register/reset/?email= Description and Impact After a user clicks on the password reset link obtained in inbox, the page for password resetting functionality opens. If you monitor the HTTP Requests that are done while that page is loaded, you will come to...
Debian DSA-3796-1 : apache2 - security update
Several vulnerabilities were discovered in the Apache2 HTTP server. - CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. - CVE-2016-2161 Maksim Malyutin discovered that malicio...
[SECURITY] [DSA 3796-1] apache2 security update
Debian Security Advisory DSA-3796-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 26, 2017 https://www.debian.org/security/faq ...
EasyCom SQL iPlug Denial Of Service Exploit
EasyCom SQL iPlug suffers from a denial of service vulnerability. + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org Vendor: ================ easycom-aura.com Product: =========== SQL iPlug EasycomPHP4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access t...
Design/Logic Flaw
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference : 1998648...
CVE-2016-8986
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference : 1998648...
EasyCom For PHP 4.0.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org Vendor: ================ easycom-aura.com Product: =========== SQL iPlug EasycomPHP4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access to heterogeneous...
Ubuntu 14.04 LTS : Tomcat vulnerability (USN-3204-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3204-1 advisory. It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources,...
USN-3204-1: Tomcat vulnerability
It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service...
Lyst: SSRF at iris.lystit.com
Server Side Request Forgery Host: iris.lystit.com Route: /models Summary This vulnerability allows an unauthenticated attacker to make arbitrary server-side HTTP GET requests, e.g. issue HTTP requests to internal hosts and resources, perform limited port scanning, and potentially bypass some restrictions for...
Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could...
CVE-2017-5168
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a...