5907 matches found
Reprise License Manager edit_lf_get_data Directory Traversal
A directory traversal vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation while processing HTTP requests to the editlfgetdata operation. A remote authenticated attacker can leverage this vulnerability by sending crafted HTTP requests to t...
phpFileManager cmd Parameter Command Execution
A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6 or 9. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter...
Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)
A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...
CVE-2015-6309
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211...
Imgur: Crossdomain.xml settings on api.imgur.com too open
The crossdomain.xml file hosted at http://api.imgur.com/crossdomain.xml was too open. This allowed SWF files from any origin to make HTTP requests to the API and read the response. If this was not changed, then attacker.com could embed a SWF on attacker.com/example.html that makes an HTTP request to http://api.imgur.com/. Th...
Avira Management Console Server HTTP Header Processing Heap Buffer Overflow
A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server...
CVE-2015-6463
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in...
CVE-2015-6463
CVE-2015-6463 concerns CodeWrights HART Comm DTM components used with Endress+Hauser FieldCare. The vulnerability arises from processing a longtag XML schema containing an external entity declaration and an entity reference (XXE), enabling a remote attacker to read arbitrary files, issue HTTP req...
Mango Automation 2.6.0 SQL Query Cross Site Request Forgery
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allo...
SAP HANA hdbxsengine JSON - DoS
Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
Centreon 2.6.1 CSRF Add Admin Exploit
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...
A vulnerability in the firmware of the Cisco TelePresence Video Communication Server allows an intruder to execute arbitrary commands on the operating system.
The vulnerability in the firmware of the Cisco TelePresence Video Communication Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands using a specially crafted HTTP reques...
CVE-2015-6288
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620...
CVE-2015-6288
CVE-2015-6288 affects Cisco Content Security Management Appliance (SMA) 7.8.0-000. The issue is a web-interface vulnerability where insufficient validation of credentials for incoming HTTP requests allows unauthenticated remote attackers to trigger a denial-of-service via rapid log-file rollover,...