Moderate: Red Hat Security Advisory: tomcat6 security update
Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Sixnet Sixview 2.4.1 - Web Console Directory Traversal
Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview web console Linux based appliance CVE : 2014-2976 PoV,...
Design/Logic Flaw
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80...
CVE-2014-2733
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80...
CVE-2014-2286
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an...
OTRS Help Desk Multiple Vulnerabilities
OTRS Help Desk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...
EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)
An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...
MediaWiki < 1.19.14 / 1.21.8 / 1.22.5 ChangePassword XSRF
According to its version number, the instance of MediaWiki running on the remote host is affected by a cross-site request forgery vulnerability. A flaw exists with Special:ChangePassword within the includes/specials/SpecialChangePassword.php script where HTTP requests do not require explicit...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.2 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...
Anonymous DoSer Denial of Service Tool
Anonymous DoSer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
HULK Denial of Service Tool
Hulk is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
CVE-2014-2112
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357...
Code injection
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357...
GoldenEye Denial of Service Tool
GoldenEye is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Cisco IOS Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacke...
innoEDIT 6.2 RCE Vulnerability - Active Check
innoEDIT is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
WordPress Pingback Distributed Denial of Service
The XMLRPC Pingback function in WordPress can be used to force WordPress servers into sending HTTP requests to other servers. Remote attackers can leverage this function to conduct DDoS attacks by sending specially crafted HTTP requests to legitimate WordPress servers...
Updated lighttpd package fixes security vulnerabilities
SQL injection vulnerability in lighttpd before 1.4.35 when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323). Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either mod_evhost or mod_simple_vhost are in use, due to insufficient...
osCMax 2.5 - Cross-Site Request Forgery
osCMax 2.5 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions...
osCMax 2.5 - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks...