
5907 matches found

Cent OS
added 2016/07/18 3:57 p.m., 106 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2016:1421. An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,...

8.1 CVSS, 6.7 AI score, 0.55724 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2016/07/18 2:19 p.m., 81 views

CVE-2016-5387

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1 CVSS, 0.5 AI score, 0.55724 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2016/07/11 12:0 a.m., 4 views

A vulnerability in the firmware of Cisco RV130W, Cisco RV215W, and Cisco RV110W routers allows an attacker to cause a service failure.

The vulnerability in the web configuration interface of the firmware for Cisco RV130W, Cisco RV215W, and Cisco RV110W stems from a buffer overflow. Exploiting this vulnerability allows a malicious actor to trigger a service failure (device reboot) by using specially crafted...

6.8 CVSS, 6.9 AI score, 0.01776 EPSS
Exploits: 0, References: 2, Affected Software: 3

NVD
added 2016/07/05 1:59 a.m., 13 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

5.3 CVSS, 5.2 AI score, 0.01485 EPSS
Exploits: 0, References: 8

UbuntuCve
added 2016/07/05 1:59 a.m., 22 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

5.3 CVSS, 6.4 AI score, 0.01485 EPSS
Exploits: 0, References: 2

Cvelist
added 2016/07/05 1:0 a.m., 21 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

5.7 AI score, 0.01485 EPSS
Exploits: 0, References: 8

Debian CVE
added 2016/07/05 1:0 a.m., 28 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

5.3 CVSS, 5.5 AI score, 0.01485 EPSS
Exploits: 0

Cisco
added 2016/06/29 4:0 p.m., 26 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP...

10 CVSS, 9.6 AI score, 0.06153 EPSS
Exploits: 0, References: 1

Cisco
added 2016/06/29 4:0 p.m., 23 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user. The prime web user does not have the full privileges of root...

6.5 CVSS, 9 AI score, 0.0249 EPSS
Exploits: 0, References: 1

Packet Storm
added 2016/06/21 12:0 a.m., 32 views

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt; ISR: APPARITIONSEC; Vendor: snewscms.com; Product: sNews CMS v1.7.1; Vulnerability Type: Persistent...

Exploits: 0

Check Point Advisories
added 2016/06/19 12:0 a.m., 1 views

Nagios XI Incident Manager Integration Component SQL Injection

A SQL injection vulnerability has been reported in the Nagios Incident Manager (IM) integration component of Nagios XI. The vulnerability is due to insufficient parameter validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a special...

1.3 AI score
Exploits: 0

Check Point Advisories
added 2016/06/19 12:0 a.m., 20 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable server...

6.4 CVSS, 1.7 AI score, 0.92719 EPSS
Exploits: 5

Packet Storm
added 2016/06/14 12:0 a.m., 52 views

Hyperoptic (Tilgin) Router HG23xx CSRF / Cross Site Scripting

Hyperoptic (Tilgin) Router HG23xx Multiple XSS And CSRF Vulnerabilities. Vendor: Hyperoptic Ltd. | Tilgin AB; Product web page: http://www.hyperoptic.com http://www.tilgin.com; Affected version: HG2330, HG2302 and HG2301; Summary: Tilgin's HG23xx family of products offers a flexible and high capacity...

0.1 AI score
Exploits: 0

Check Point Advisories
added 2016/06/14 12:0 a.m., 6 views

Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)

An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...

6.4 CVSS, 1.6 AI score, 0.50888 EPSS
Exploits: 0

Exploit DB
added 2016/06/08 12:0 a.m., 30 views

Drale DBTableViewer 100123 - Blind SQL Injection

Drale DBTableViewer v100123 - Blind SQL Injection. Exploit Title: drale DBTableViewer - SQL Injection (Blind/Error Base); Date: 2016-06-08; Exploit Author: HaHwul; Exploit Author Blog: www.hahwul.com; Vendor Homepage: http://drale.com/; Software Link:...

7.4 AI score
Exploits: 0

exploitpack
added 2016/06/08 12:0 a.m., 26 views

Drale DBTableViewer 100123 - Blind SQL Injection

Drale DBTableViewer 100123 - Blind SQL Injection. Drale DBTableViewer v100123 - Blind SQL Injection. Exploit Title: drale DBTableViewer - SQL Injection (Blind/Error Base); Date: 2016-06-08; Exploit Author: HaHwul; Exploit Author Blog: www.hahwul.com; Vendor Homepage: http://drale.com/; Software Link:...

0.5 AI score
Exploits: 0

OpenVAS
added 2016/06/07 12:0 a.m., 14 views

Centreon 'POST' Parameter Multiple Vulnerabilities

Centreon is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:centreon:centreon"; if(description)...

7.3 AI score
Exploits: 0, References: 1

Vulnrichment
added 2016/06/01 8:0 p.m., 11 views

CVE-2016-3088

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...

7.8 AI score, 0.98518 EPSS
Exploits: 19, References: 9

0day.today
added 2016/06/01 12:0 a.m., 73 views

AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications. Credits: hyp3rlinx; ISR: apparitionsec; Vendor: sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/; Product: AjaxExplorer v1.10.3.2. Manage server files through simple windows...

7.1 AI score
Exploits: 0

Cent OS
added 2016/05/31 10:56 a.m., 72 views

squid security update

CentOS Errata and Security Advisory CESA-2016:1138. An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.8 CVSS, 7.4 AI score, 0.77559 EPSS
Exploits: 0, References: 7