Lucene search

5907 matches found

Check Point Advisories
added 2015/01/16 12:0 a.m., 2 views

ManageEngine Multiple Products WsDiscoveryServlet Directory Traversal (CVE-2014-5302)

A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated...

CVSS 9, AI score 1.9, EPSS 0.1073
Exploits 3
NVD
added 2015/01/09 2:59 a.m., 18 views

CVE-2014-8027

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...

CVSS 6.5, AI score 6.2, EPSS 0.01633
Exploits 0, References 5
Prion
added 2015/01/09 2:59 a.m., 15 views

Design/Logic Flaw

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...

CVSS 6.5, AI score 6.7, EPSS 0.01633
Exploits 0, References 5
CVE
added 2015/01/09 2:0 a.m., 54 views

CVE-2014-8027

CVE-2014-8027 affects Cisco Secure Access Control System (ACS) RBAC, where improper privilege validation allows an authenticated, remote attacker to perform Create/Read/Update/Delete on Network Identity Groups via crafted HTTP requests, escalating to Network Device Administrator privileges. The i...

CVSS 6.5, AI score 6.4, EPSS 0.01633
Exploits 0, References 5, Affected Software 1
Cvelist
added 2015/01/09 2:0 a.m., 21 views

CVE-2014-8027

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...

AI score 6.2, EPSS 0.01633
Exploits 0, References 5
ThreatPost
added 2015/01/05 1:34 p.m., 15 views

Wifiphisher Wi-Fi Hacking Tool Automates Wi-Fi Phishing

A new Wi-Fi attack tool has been made available on GitHub that automates phishing attacks over WPA networks, putting credentials and other supposedly secret data at risk. The tool, called wifiphisher, jams Wi-Fi access points with deauthentication packets and then mimics the target access point...

AI score 0.1
Exploits 0, References 3
Check Point Advisories
added 2014/12/31 12:0 a.m., 4 views

ManageEngine NetFlow Analyzer And IT360 Multiple servlets Arbitrary File Download (CVE-2014-5445)

An arbitrary file download vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the schFilePath parameter sent to servlets in HTTP requests. A remote unauthenticated attacker can download arbitrary...

CVSS 5, AI score 1.1, EPSS 0.98165
Exploits 9
Check Point Advisories
added 2014/12/17 12:0 a.m., 2 views

ManageEngine NetFlow Analyzer And IT360 DisplayChartPDF Directory Traversal (CVE-2014-5446)

A directory traversal vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the filename parameter sent to the DisplayChartPDF servlet in HTTP requests. A remote unauthenticated attacker can downloa...

CVSS 5, AI score 3, EPSS 0.54715
Exploits 6
securityvulns
added 2014/12/01 12:0 a.m., 61 views

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests

Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be induced to make http requests CVE-2014-3629 CVS: 3 Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30, where xml exchange module is loaded Descriptio...

CVSS 4.3, AI score 6.4, EPSS 0.06918
Exploits 0
OSV
added 2014/11/26 5:29 p.m., 13 views

MGASA-2014-0493 Updated wordpress package fixes security vulnerabilities

XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...

CVSS 6.8, AI score 5.7, EPSS 0.83162
Exploits 8, References 4
Packet Storm
added 2014/11/19 12:0 a.m., 31 views

Snowfox CMS 1.0 Cross Site Request Forgery

input type="hidden" name="userGroups...

AI score 0.4
Exploits 0
UbuntuCve
added 2014/11/16 12:59 a.m., 26 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Ap...

CVSS 6.4, AI score 7.2, EPSS 0.02611
Exploits 0, References 2
NVD
added 2014/11/16 12:59 a.m., 22 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Ap...

CVSS 6.4, AI score 9.5, EPSS 0.02611
Exploits 0, References 6
Cvelist
added 2014/11/16 12:0 a.m., 34 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Ap...

AI score 9.5, EPSS 0.02611
Exploits 0, References 6
Check Point Advisories
added 2014/11/12 12:0 a.m., 4 views

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by mod_proxy_ajp when used with mod_proxy_balancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP...

CVSS 4.3, AI score 1.6, EPSS 0.2238
Exploits 3
NVD
added 2014/11/10 11:55 a.m., 14 views

CVE-2014-8652

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

CVSS 5, AI score 6.6, EPSS 0.02733
Exploits 4, References 2
Prion
added 2014/11/10 11:55 a.m., 10 views

Code injection

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

CVSS 5, AI score 7.1, EPSS 0.02733
Exploits 4, References 2, Affected Software 1
Cvelist
added 2014/11/10 11:0 a.m., 19 views

CVE-2014-8652

Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681...

AI score 6.6, EPSS 0.02733
Exploits 4, References 2
CVE
added 2014/11/10 11:0 a.m., 36 views

CVE-2014-8652

Elipse E3 3.x and earlier is affected by CVE-2014-8652. The issue allows remote attackers to cause a denial of service (application crash and plant outage) by sending a rapid series of HTTP requests to index.html on TCP port 1681. The Exploit/Malware entries corroborate a Windows-based PoC/DoS te...

CVSS 5, AI score 6.8, EPSS 0.02733
Exploits 4, References 2, Affected Software 1
NVD
added 2014/11/07 11:55 a.m., 16 views

CVE-2014-2177

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126...

CVSS 9, AI score 7.2, EPSS 0.02579
Exploits 0, References 6