
5907 matches found

Debian
added 2015/04/29 8:42 p.m. | 43 views

[SECURITY] [DLA 211-1] curl security update

Package : curl Version : 7.21.0-2.1+squeeze12 CVE ID : CVE-2015-3143 CVE-2015-3148 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests bein...

CVSS 5 | AI score 9.2 | EPSS 0.17942
Exploits: 0
OSV
added 2015/04/29 12:0 a.m. | 39 views

DLA-211-1 curl - security update

Bulletin has no description...

CVSS 5 | AI score 8.6 | EPSS 0.17942
Exploits: 0
OSV
added 2015/04/22 12:0 a.m. | 30 views

DSA-3232-1 curl - security update

Bulletin has no description...

CVSS 5 | AI score 8.6 | EPSS 0.17942
Exploits: 0
UbuntuCve
added 2015/04/20 12:0 a.m. | 30 views

CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP...

CVSS 6.8 | AI score 7.2 | EPSS 0.14077
Exploits: 1 | References: 2
Tenable Nessus
added 2015/04/16 12:0 a.m. | 1293 views

MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (uncredentialed check)

The version of Windows running on the remote host is affected by an integer overflow condition in the HTTP protocol stack HTTP.sys due to improper parsing of crafted HTTP requests. An unauthenticated, remote attacker can exploit this to execute arbitrary code with System privileges. C Tenable...

CVSS 10 | AI score 8.9 | EPSS 0.99999
Exploits: 16 | References: 2
Check Point Advisories
added 2015/04/16 12:0 a.m. | 6 views

SolarWinds Orion GetAccountGroups Multiple SQL Injections (CVE-2014-9566)

Multiple SQL injection vulnerabilities have been reported in SolarWinds products. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccountGroups. Remote attackers could exploit this vulnerability by sending HTTP requests with a crafted dir or sor...

CVSS 7.5 | AI score 2.2 | EPSS 0.47749
Exploits: 8
Packet Storm
added 2015/04/15 12:0 a.m. | 38 views

WordPress MiwoFTP 1.0.5 CSRF / Cross Site Scripting

WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Desc: MiwoFTP WP Plugin...

AI score 0.1
Exploits: 0
Prion
added 2015/04/14 8:59 p.m. | 24 views

Remote code execution

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."...

CVSS 10 | AI score 8.6 | EPSS 0.99999
Exploits: 16 | References: 7 | Affected Software: 3
exploitpack
added 2015/04/14 12:0 a.m. | 25 views

WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities

WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and...

AI score 0.3
Exploits: 0
ThreatPost
added 2015/04/13 10:49 a.m. | 12 views

New SMB Flaw Affects All Versions of Windows

There is a serious vulnerability in all supported versions of Windows that can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP request...

AI score 0.1
Exploits: 0 | References: 1
Check Point Advisories
added 2015/04/12 12:0 a.m. | 4 views

Multiple SolarWinds Orion GetAccounts SQL Injections (CVE-2014-9566)

Multiple SQL injection vulnerabilities have been reported in SolarWinds products. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccounts. Remote attackers could exploit this vulnerability by sending HTTP requests with a crafted dir or sort...

CVSS 7.5 | AI score 2.3 | EPSS 0.47749
Exploits: 8
OSV
added 2015/04/08 6:59 p.m. | 7 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...

CVSS 4 | AI score 8.6 | EPSS 0.07558
Exploits: 0 | References: 14
OSV
added 2015/04/08 6:59 p.m. | 1 views

DEBIAN-CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...

CVSS 4 | AI score 8 | EPSS 0.07558
Exploits: 0 | References: 1
Check Point Advisories
added 2015/04/05 12:0 a.m. | 0 views

Torshammer Denial of Service Tool

Torshammer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

AI score 2.8
Exploits: 0
NVD
added 2015/04/03 10:59 a.m. | 19 views

CVE-2015-0994

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...

CVSS 4 | AI score 6.2 | EPSS 0.01336
Exploits: 0 | References: 1
Prion
added 2015/04/03 10:59 a.m. | 17 views

Design/Logic Flaw

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...

CVSS 4 | AI score 6.7 | EPSS 0.01336
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2015/04/02 12:0 a.m. | 72 views

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...

AI score 0.5 | EPSS 0.08142
Exploits: 6
Fedora
added 2015/03/29 4:51 a.m. | 37 views

[SECURITY] Fedora 21 Update: python-requests-2.5.3-2.fc21

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

CVSS 6.8 | AI score 1.4 | EPSS 0.03408
Exploits: 0
Atlassian
added 2015/03/24 9:0 a.m. | 25 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

AI score 1.1
Exploits: 0 | Affected Software: 1
Atlassian
added 2015/03/24 9:0 a.m. | 31 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

AI score 1.1
Exploits: 0