FireFlood Denial of Service Tool
FireFlood is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be enforc...
Jays Shell Booter Denial of Service Tool
Jays Shell Booter is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot b...
AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to the AWStats CGI script failing to properly sanitize user-provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
WordPress 3.7 < 3.7.5 / 3.8 < 3.8.5 / 3.9 < 3.9.3 / 4.x < 4.0.1 Multiple Vulnerabilities
Dell ScriptLogic Asset Manager SQL Injection remote code execution (CVE-2015-1605)
A remote code execution vulnerability has been reported in Dell ScriptLogic Asset Manager. The vulnerability is due to insufficient input validation while processing requests to GetProcessedPackage.aspx or GetClientPackage.aspx, which enables an attacker to inject SQL code. A remote attacker can...
HP Universal CMDB JMX Console Authentication Bypass (CVE-2014-7883)
An authentication bypass vulnerability exists in HP Universal CMDB. The vulnerability is in the JMX Console web application. The vulnerability is due to a design weakness in processing HTTP requests that are neither GET nor POST. A remote unauthenticated attacker can exploit this vulnerability by...
ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure (CVE-2014-7863)
An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can...
Jetty HttpParser Error Remote Memory Disclosure
The remote instance of Jetty is affected by a remote memory disclosure vulnerability in the HttpParser module due to incorrect handling of illegal characters in header values. When an illegal character is encountered in an HTTP request, Jetty writes a response in a shared buffer that was used in ...
Amazon Fire TV YouTube Remote Control
This module acts as a simple remote control for the Amazon Fire TV's YouTube app. Tested on the Amazon Fire TV Stick.
Cisco Adaptive Security Appliance WebVPN Embedded Web Server Denial of Service Vulnerability
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to force the ASA to stop accepting new SSL connections. The vulnerability is due to a memory leak in the WebVPN embedded web server. An attacker could exploit this...
CVE-2015-0619
Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458...
Command injection
The web framework on Cisco Unified IP 9900 phones with firmware 9.4.1 and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424...
Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to upload arbitrary files to the phone. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafte...
CVE-2014-8839
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL...
Ubuntu: Security Advisory (USN-2474-1)
The remote host is missing an update for the...
Design/Logic Flaw
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests...
CVE-2014-8478
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests...
Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
Apache Traffic Server is prone to a remote denial of service (DoS) vulnerability.
ManageEngine Multiple Products File Attachment Directory Traversal (CVE-2014-5301)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. The vulnerability is due to insufficient input validation of the "module" parameter sent in HTTP requests to the server. A remote authenticated attacker can upload or delete...
Ubuntu 14.04 LTS : curl vulnerability (USN-2474-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2474-1 advisory. Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially...