
5907 matches found

Cisco
added 2015/08/18 5:19 p.m., 24 views

Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability

A vulnerability in the web framework of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute commands on the underlying operating system. The vulnerability is due to improper authorization of read-only users. An attacker could...

CVSS: 4, AI score: 6.9, EPSS: 0.01983
Exploits: 0, References: 1

Amazon
added 2015/08/17 12:0 a.m., 107 views

Medium: httpd

Issue Overview: Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly...

CVSS: 5, AI score: 6.9, EPSS: 0.73327
Exploits: 0

Check Point Advisories
added 2015/07/20 12:0 a.m., 4 views

WebUI mainfile.php Arbitrary Command Injection

An arbitrary command injection vulnerability exists in WebUI. The vulnerability is due to insufficient validation of multiple parameters in "mainfile.php" when handling HTTP requests. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the...

AI score: 2.8
Exploits: 0

NVD
added 2015/07/16 7:59 p.m., 15 views

CVE-2015-5386

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests...

CVSS: 9.3, AI score: 7.2, EPSS: 0.03271
Exploits: 0, References: 2

Prion
added 2015/07/16 7:59 p.m., 9 views

Authentication flaw

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests...

CVSS: 9.3, AI score: 7.7, EPSS: 0.03271
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2015/07/16 7:0 p.m., 21 views

CVE-2015-5386

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests...

AI score: 7.2, EPSS: 0.03271
Exploits: 0, References: 2

exploitpack
added 2015/07/13 12:0 a.m., 12 views

ArticleFR 3.0.6 - Multiple Vulnerabilities

ArticleFR 3.0.6 - Multiple Vulnerabilities ArticleFR 3.0.6 CSRF Add Admin Exploit Vendor: Free Reprintables Product web page: http://www.freereprintables.com Affected version: 3.0.6 Summary: A lightweight fully featured content article / video management system. Comes with a pluginable and...

AI score: 0.1
Exploits: 0

Exploit DB
added 2015/07/13 12:0 a.m., 20 views

ArticleFR 3.0.6 - Multiple Vulnerabilities

ArticleFR 3.0.6 CSRF Add Admin Exploit Vendor: Free Reprintables Product web page: http://www.freereprintables.com Affected version: 3.0.6 Summary: A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Desc: The...

AI score: 7
Exploits: 0

Zero Science Lab
added 2015/07/13 12:0 a.m., 50 views

ArticleFR 3.0.6 CSRF Add Admin Exploit

Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This c...

CVSS: 6.8, AI score: 5.8, EPSS: 0.01221
Exploits: 2

Packet Storm
added 2015/06/24 12:0 a.m., 39 views

iBall 150M Wireless-N ADSL2+ Router Authentication Bypass

Exploit Title: iBall 150M Wireless-N ADSL2+ Router Authentication Bypass and Vulnerability Date: 23\04\2015 Submitter: Gem George Vendor: iBall Tested product:iBall 150M Wireless-N ADSL2+ Router, firmware version 1.00 Tested Product URL:...

AI score: 0.7
Exploits: 0

EUVD
added 2015/06/09 6:0 p.m., 3 views

EUVD-2015-3376

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP...

CVSS: 6.8, AI score: 8.3, EPSS: 0.14077
Exploits: 1, References: 29

OpenVAS
added 2015/06/03 12:0 a.m., 26 views

Websense Triton 7.8.3/7.7 Source Code Disclosure Vulnerability

Websense Triton is prone to a source code disclosure vulnerability.

AI score: 7.4
Exploits: 0, References: 2

OpenVAS
added 2015/05/27 12:0 a.m., 12 views

ManageEngine AssetExplorer Multiple Vulnerabilities

ManageEngine AssetExplorer is prone to multiple vulnerabilities.

AI score: 5.7
Exploits: 0, References: 4

Check Point Advisories
added 2015/05/18 12:0 a.m., 6 views

Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)

A code execution vulnerability exists in Apache Struts Object-Graph Navigation Language (OGNL) expressions. The vulnerability is due to the failure of DefaultActionMapper to sanitize input following "action:", "redirect:" or "redirectAction:" expressions leading to code injection. A remote attacker...

CVSS: 9.3, AI score: 3.1, EPSS: 0.99998
Exploits: 18

Tenable Nessus
added 2015/05/18 12:0 a.m., 127 views

PHP 5.4.x < 5.4.41 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...

CVSS: 7.8, AI score: 8.4, EPSS: 0.50129
Exploits: 8, References: 9

Check Point Advisories
added 2015/05/11 12:0 a.m., 3 views

ManageEngine Multiple Products Multiple Directory Traversal (CVE-2014-7866)

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by uploading arbitrary files to...

CVSS: 7.5, AI score: 2.5, EPSS: 0.79759
Exploits: 10

Fedora
added 2015/05/08 7:38 a.m., 58 views

[SECURITY] Fedora 20 Update: async-http-client-1.7.22-2.fc20

Async Http Client library purpose is to allow Java applications to easily execute HTTP requests and asynchronously process the HTTP responses. The Async HTTP Client library is simple to use...

CVSS: 4.3, AI score: 0.9, EPSS: 0.00993
Exploits: 0

securityvulns
added 2015/05/05 12:0 a.m., 65 views

Elasticsearch vulnerability CVE-2015-3337

Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed...

CVSS: 4.3, AI score: 0.6, EPSS: 0.33129
Exploits: 5

n0where
added 2015/05/04 12:2 p.m., 30 views

Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

AI score: 7.7
Exploits: 0, References: 3

Tenable Nessus
added 2015/04/30 12:0 a.m., 35 views

Debian DLA-211-1 : curl security update

Several vulnerabilities were discovered in cURL, an URL transfer library : CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to t...

CVSS: 5, AI score: 7.6, EPSS: 0.17942
Exploits: 0, References: 4