5907 matches found
CVE-2016-1670
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...
Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
Cisco Finesse Server-Side Request Forgery Vulnerability
Cisco Finesse is a set of call center management software from the U.S. company Cisco. The software enhances call center service quality, improves customer experience, and increases agent satisfaction. A server-side request forgery vulnerability exists in Cisco Finesse, which stems from the...
Oracle ATS DownloadServlet scriptName Directory Traversal (CVE-2016-0478)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI with parameter scriptName. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle Application Testing Suite DownloadServlet file Directory Traversal (CVE-2016-0482)
A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with the "file" parameter. A remote unauthenticated attacker can exploit this vulnerability by sendin...
Cisco IOS Software SSL VPN Denial of Service Vulnerability (cisco-sa-20140326-ios-sslvpn)
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Oracle Application Testing Suite DownloadServlet scriptPath Directory Traversal (CVE-2016-0484)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scriptPath. A remote, unauthenticated attacker can exploit this vulnerability by...
Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle ATS DownloadServlet scheduleReportName Directory Traversal (CVE-2016-0481)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scheduleReportName. A remote unauthenticated attacker can exploit this vulnerability...
Oracle ATS DownloadServlet TMAPReportImage Directory Traversal (CVE-2016-0480)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter TMAPReportImage. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle Application Testing Suite DownloadServlet scenario Directory Traversal (CVE-2016-0477)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious...
Cisco Wireless LAN Controller Denial of Service Vulnerability (CNVD-2016-02517)
The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability in the Bonjour Task Manager for Cisco Wireless LAN Controller (WLC) Software allows remote attackers ...
The vulnerability of the Cisco Evolved Programmable Network Manager and the Cisco Prime Infrastructure network lifecycle management software allows attackers to circumvent existing RBAC restrictions and increase their privileges.
The vulnerability of the Cisco Evolved Programmable Network Manager and the Cisco Prime Infrastructure network lifecycle management software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing RBAC restrictions and increase their...
Gateway Edge Service: Zuul
Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more. Zuul is the front door for all requests from devices and web sites to the backend of the Netflix streaming application. As an edge service application, Zuul is built to enable dynamic routing,...
Hikvision Digital Video Recorder - Cross-Site Request Forgery
Hikvision Digital Video Recorder - Cross-Site Request Forgery
Hikvision Digital Video Recorder Cross-Site Request Forgery
Summary: Hikvision is the global leader of video surveillance products and solutions and manufactures a wide range of top-quality, reliable, and professional solutions. Description: The application interface allows users to perform certain actions via HTTP requests without performing any validity chec...
CVE-2015-6313
Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed...
Code injection
Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed...