CVE-2014-8474
CA Cloud Service Management CSM before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity reference...
NAT-PMP Security Vulnerability Affects 1.2M Routers
Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...
Hastymail2 call_user_func_array() Command Injection (CVE-2011-4542)
A command injection vulnerability exists in Hastymail 2.1.1. The vulnerability is due to improper sanitization of special elements used in a request to the server. Remote attacker can exploit this vulnerability by sending malicious HTTP requests to the target server...
ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...
[SECURITY] [DLA 58-2] apt regression fix
Package: apt. Version: 0.8.10.3+squeeze6. CVE ID: CVE-2014-6273. This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported [1] the regression and to Michael Vogt for having uploaded ...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload (CVE-2014-5005)
An arbitrary file upload vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the StatusUpdate page when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary...
ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)
A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrar...
ManageEngine Multiple Products FileCollector doPost Directory Traversal (CVE-2014-6034)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector" in HTTP requests...
Amazon Linux AMI : tomcat6 (ALAS-2014-344)
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this fla...
Localize: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Go to http://www.localize.im/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 This effectively makes it a security issue since it allows an attacker to scan for a specific vulnerable module and then exploit it...
Information disclosure
The SSL VPN implementation in Cisco Adaptive Security Appliance ASA Software 9.2.2.4 and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and...
Trying to hack Redis via HTTP requests-vulnerability warning-the black bar safety net
0x01 Scenario: We assume there is an SSRF vulnerability or a misconfigured proxy server, so that an attacker can reach the Redis service directly via HTTP requests. In either of these two cases, at least one line of the HTTP request we send must be fully controllable; this...
Re: [oss-security] CVE-2014-6271: remote code execution through bash
Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches. http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017 http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018 http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052...
Bash Environment Variable Command Execution
Date: Wed, 24 Sep 2014 17:03:19 +0200 From: Florian Weimer To: [email protected] Subject: Re: CVE-2014-6271: remote code execution through bash Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches...
[SECURITY] Fedora 21 Update: haproxy-1.5.4-1.fc21
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
HP Network Virtualization toServerObject Directory Traversal (CVE-2014-2626)
A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "toServerObject" method. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to...
CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
Progea Movicon < 11.2 Build 1086 Multiple Vulnerabilities
Binary data 7142.pasl...