OS X Server vulnerability that allows an attacker to obtain confidential configuration information
The vulnerability of the Web Server component in the OS X Server operating system arises from an improper restriction on access to the .DS_Store and .htaccess files. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential configuration information through...
Amazon Linux AMI : tomcat6 (ALAS-2016-681)
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
Add admin user Testingus: ---...
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
Exploit for hardware platform in category web applications <!-- MOBOTIX Video Security Cameras CSRF Add Admin Exploit Vendor: MOBOTIX AG Product web page: https://www.mobotix.com Affected version: Model: D22M-Secure, HW: T2r1.1.AA, 520 MHz, 128 MByte RAM, SW: MX-V3.5.2.23.r3 Model: Q24M-Secure, HW...
MOBOTIX Video Security Cameras Cross Site Request Forgery
Add admin user Testingus: ------------------------- fo...
MOBOTIX Video Security Cameras CSRF Add Admin Exploit
Summary: MOBOTIX is a German System Manufacturer of Professional Video Management (VMS) and Smart IP Cameras. These cameras support all standard features of MOBOTIX IP cameras like automatic object detection, messaging via network and onboard or network recording. The dual lens thermal system suppor...
Medium: tomcat7
Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...
[SECURITY] Fedora 22 Update: php-pecl-http-2.5.6-1.fc22
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
Multiple CCTV-DVR Vendors - Remote Code Execution
#!/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail Service Cpsecured CP PLUS Digital Eye'z no website...
XOOPS 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type:...
Xoops 2.5.7.2 - Directory Traversal Bypass
Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type: =========================== Directory Traversal Bypass Vulnerability Details: ===================== Xoops 2.5.7.2 ha...
AnonStress Denial Of Service Tool
AnonStress is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Apache Tomcat Web Manager Scanning Attempt
Remote attackers can send HTTP requests as a method of scanning for Apache Tomcat servers, in order to later exploit vulnerabilities in these servers to compromise the server's security...
PHP Proxy Server Scanning Attempt
Remote attackers can send HTTP requests as a method of scanning for the existence of specific proxy servers with known vulnerabilities, in order to later exploit these vulnerabilities to compromise the server's security...
http-apache-server-status NSE Script
Attempts to retrieve the server-status page for Apache webservers that have mod_status enabled. If the server-status page exists and appears to be from mod_status the script will parse useful information such as the system uptime, Apache version and recent HTTP requests. References: Script Argument...
Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability
A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The...
MyBB < 1.6.17 Multiple Vulnerabilities
Binary data 9123.prm...
CVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...