
5907 matches found

Check Point Advisories
added 2016/05/31 12:0 a.m. | 0 views

ManageEngine Firewall Analyzer runQuery guest user SQL Injection

An SQL injection vulnerability exists in ManageEngine Firewall Analyzer. This vulnerability is due to the use of hardcoded credentials and insufficient validation of request parameters in HTTP requests to the runQuery servlet. By sending crafted requests to an affected server, a remote attacker c...

AI score: 1.9
Exploits: 0
Check Point Advisories
added 2016/05/30 12:0 a.m. | 7 views

SolarWinds SRM Profiler SQL Injection (CVE-2016-4350)

An SQL injection vulnerability has been reported in SolarWinds Storage Manager Resource Monitor, Profiler Module. This vulnerability is due to insufficient validation in several parameters when processing HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending ...

CVSS: 10 | AI score: 1.6 | EPSS: 0.70167
Exploits: 0
Tenable Nessus
added 2016/05/26 12:0 a.m. | 36 views

Cisco Web Security Appliance Multiple DoS Vulnerabilities

According to its self-reported version, the Cisco Web Security Appliance WSA running on the remote host is affected by the following vulnerabilities : - A denial of service vulnerability exists in Cisco AsyncOS due to improper validation of packets when parsing HTTP POST requests. An...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.01931
Exploits: 0 | References: 8
NVD
added 2016/05/25 1:59 a.m. | 21 views

CVE-2016-1382

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance WSA devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service proxy-process reload via a crafted request, aka Bug ID CSCuu02529...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.01931
Exploits: 0 | References: 2
Prion
added 2016/05/25 1:59 a.m. | 13 views

Design/Logic Flaw

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance WSA devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service proxy-process reload via a crafted request, aka Bug ID CSCuu02529...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.01931
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2016/05/25 12:0 a.m. | 1 views

IBM Connections File Upload Vulnerability

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A file upload...

CVSS: 5.4 | AI score: 7.6 | EPSS: 0.00615
Exploits: 0 | References: 1
Check Point Advisories
added 2016/05/24 12:0 a.m. | 0 views

Trend Micro Antivirus Password Manager Code Injection

A code injection vulnerability exists in the Trend Micro Password Manager. The vulnerability is due to the Nodejs server incorrectly validating HTTP requests to the "/api/showSB" URI. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page...

AI score: 1.7
Exploits: 0
Check Point Advisories
added 2016/05/24 12:0 a.m. | 2 views

Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)

A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...

CVSS: 6.5 | AI score: 2.5 | EPSS: 0.64142
Exploits: 7
Check Point Advisories
added 2016/05/23 12:0 a.m. | 3 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

CVSS: 8.3 | AI score: 1.7 | EPSS: 0.94104
Exploits: 10
Debian
added 2016/05/21 6:51 p.m. | 43 views

[SECURITY] [DLA 484-1] graphicsmagick security update

Version : 1.3.16-1.1+deb7u1 CVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Debian Bug : 814732 Several security vulnerabilities were discovered in graphicsmagick a tool to manipulate image files. GraphicsMagick is a fork of...

CVSS: 10 | AI score: 8.8 | EPSS: 0.97485
Exploits: 13
CVE
added 2016/05/20 10:0 a.m. | 68 views

CVE-2016-1801

CVE-2016-1801 affects Apple CFNetwork Proxies in iOS (before 9.3.2), OS X (before 10.11.5), and tvOS (before 9.2.1). The vulnerability is an information leak in the handling of HTTP/HTTPS requests, allowing a privileged network-position attacker to obtain sensitive user data through URL handling....

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.03716
Exploits: 0 | References: 9 | Affected Software: 1
Check Point Advisories
added 2016/05/16 12:0 a.m. | 0 views

Oracle GlassFish Server ThemeServlet Directory Traversal

A directory traversal vulnerability exists in Oracle GlassFish Server. The vulnerability is due to insufficient input validation while processing HTTP requests to the /theme/ URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable...

AI score: 1.6
Exploits: 0
OSV
added 2016/05/16 12:0 a.m. | 44 views

DSA-3580-1 imagemagick - security update

Bulletin has no description...

CVSS: 10 | AI score: 6.6 | EPSS: 0.97485
Exploits: 13
NVD
added 2016/05/14 9:59 p.m. | 14 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00943
Exploits: 0 | References: 12
OSV
added 2016/05/14 9:59 p.m. | 2 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00943
Exploits: 0 | References: 12
Prion
added 2016/05/14 9:59 p.m. | 23 views

Race condition

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS: 2.6 | AI score: 6.7 | EPSS: 0.00943
Exploits: 0 | References: 12 | Affected Software: 3
Cvelist
added 2016/05/14 9:0 p.m. | 29 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

AI score: 6.3 | EPSS: 0.00943
Exploits: 0 | References: 12
CVE
added 2016/05/14 9:0 p.m. | 94 views

CVE-2016-1670

CVE-2016-1670 is a race-condition flaw in Google Chrome (Chromium core) prior to 50.0.2661.102. The issue affects ResourceDispatcherHostImpl::BeginRequest in content/browser/loader/resource_dispatcher_host_impl.cc, where a renderer process could cause the loader to reuse request IDs, enabling a r...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00943
Exploits: 0 | References: 12 | Affected Software: 1
Debian CVE
added 2016/05/14 9:0 p.m. | 24 views

CVE-2016-1670

Removed by vendor...

CVSS: 5.3 | AI score: 7.6 | EPSS: 0.00943
Exploits: 0
UbuntuCve
added 2016/05/13 12:0 a.m. | 24 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00943
Exploits: 0 | References: 3