Nagios Network Analyzer Report Generator Command Injection
A command injection vulnerability exists in Nagios Network Analyzer. The vulnerability is due to improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation...
Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass (CVE-2016-1605)
The vulnerability is due to a flaw in the SentinelContext Java class that allows a user to retrieve a valid authentication cookie from the vulnerable server by providing the "admin" user name in an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP...
Code injection
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)
The vulnerability is due to insufficient validation of the fileName parameter within the ReportViewServlet servlet. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to read the content ...
CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to cause the web-based management interface of an affected device to stop responding, resulting in a partial denial of service (DoS)...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
Exploit for jsp platform in category web applications. ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co., Ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...
Legal Robot: CORS (Cross-Origin Resource Sharing)
Title: CORS (Cross-Origin Resource Sharing) Category: Others Affected URL: https://app.legalrobot.com/sockjs/info?cb=pcgb37npst Description: The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request which allows access from any domain. Allowing access from all...
SimplePHPQuiz - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: SimplePHPQuiz - Blind SQL Injection Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/valokafor/SimplePHPQuiz Software Link:...
CVE-2016-6330
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
Command injection
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute...
CVE-2016-1457
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute...
CVE-2016-1458
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before...
CVE-2016-1457
The CVE-2016-1457 issue affects Cisco Firepower Management Center (FMC) 4.x–5.x before 5.3.1.2 and 5.4.x before 5.4.0.1, and Cisco ASA 5500-X Series with FirePOWER Services in the same ranges. A remote authenticated user can execute arbitrary root commands by sending crafted HTTP requests due to ...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 Service Pack 1 security update
Updated packages that provide Red Hat JBoss Web Server 3.0.3 Service Pack 1 and fix two security issues and a bug with AJP processors are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Cisco Firepower Management Center Remote Command Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...
Cisco Firepower Management Center Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to...
Cisco Firepower Management Center Remote Command Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...
Scientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)
Security Fixes: - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Bug Fix...