5907 matches found
CVE-2016-0706
CVE-2016-0706 affects Apache Tomcat. Root cause: StatusManagerServlet not on RestrictedServlets.properties, enabling remote authenticated users to bypass SecurityManager and read arbitrary HTTP requests, potentially exposing session IDs. Affected versions include Tomcat 6.x before 6.0.45, 7.x bef...
Apache Tomcat Security Manager Bypass Vulnerability - 01 (Feb 2016) - Windows
Apache Tomcat is prone to a security manager bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
Imgur: SSRF and local file read in video to gif converter
The video to GIF converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. This makes SSRF possible by uploading a specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt. Vendor: www.applicure.com. Product: dotDefender Firewall. Versions: 5.00.12865 / 5.13-13282. dotDefender is a Web application...
dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery
Exploit for php platform in category web applications. Credits: hyp3rlinx. Vendor: www.applicure.com. Product: dotDefender Firewall. Versions: 5.00.12865 / 5.13-13282. dotDefender is a Web application firewall (WAF) for preventing hacking attacks like XSS, SQL...
Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)
A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...
Cisco Small Business 500 Series Switches Denial of Service Vulnerability
A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...
Debian DLA-403-1 : radicale security update
Several issues have been discovered by Unrud in Radicale, a calendar and addressbook server. A remote attacker could exploit these vulnerabilities and call arbitrary functions by sending crafted HTTP requests. CVE-2015-8748 Prevent regex injection in rights management. Prevent crafted HTTP reques...
openSUSE Security Update : libxml2 (openSUSE-2016-68)
This update for libxml2 fixes the following security issue: CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674). This update was imported fr...
Dnstwist - Domain Name Permutation Engine For Detecting Typo Squatting, Phishing And Corporate Espionage
See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:0178-1)
This update for libxml2 fixes the following security issue: CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674). Note that Tenable Network...
Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm Date published: 2016-01-19 Date of last update: 2016-01-14 Vendors contacted: Intel Release mode: Coordinated release 2...
UBUNTU-CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request...
Reprise License Manager diagnostics_doit Directory Traversal
A path traversal vulnerability exists in the Reprise License Manager due to insufficient input validation while processing HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending crafted HTTP requests to the target system. Successful exploitation would allow an...
ownCloud: XXE at host vpn.owncloud.com
Improper XML parser configuration allows an attacker to read arbitrary files and make HTTP requests from the server side. An exploit example is listed below: POST /user/login HTTP/1.1 Host: 144.76.105.208 Accept: / Content-type: application/xml Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE...
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
''' Simple PoC for Joomla Object Injection. Gary @ Sec-1 ltd http://www.sec-1.com/ ''' import requests easyinstall requests def geturlurl, useragent: headers = 'User-Agent': useragent cookies = requests.geturl,headers=headers.cookies for in range3: response = requests.geturl,...
RESTful - Less Critical - Access bypass - SA-CONTRIB-2015-167
RESTful module allows Drupal to be operated via RESTful HTTP requests, using best practices for security, performance, and usability. The module doesn't sufficiently validate some user input. Specific code could be run arbitrarily by an attacker in certain circumstances. This vulnerability is...
Log forging vulnerability
It is possible to fake log entries in FishEye/Crucible logs by sending specially crafted HTTP requests containing a newline character. For example, going to the URL /changelog/asd%0AFake%20log%20entry will cause the following to be logged: 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...
Security Advisory - VCN500 SQL Injection Vulnerability
The operation and maintenance unit (OMU) of Huawei VCN500 Video Cloud Node does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. Vulnerability ID: HWPSIRT-2015-09016 This vulnerability...