
5907 matches found

Check Point Advisories
added 2014/03/13 12:0 a.m. | 3 views

Cisco Prime Data Center Network Manager DownloadServlet Information Disclosure (CVE-2013-5487)

An information disclosure vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in DownloadServlet when processing HTTP requests. A remote unauthenticated attacker can download arbitrary files from...

AI score 1.6 | EPSS 0.02133
Exploits: 0

Check Point Advisories
added 2014/03/11 12:0 a.m. | 4 views

Symantec Endpoint Protection Manager XML External Entity Denial Of Service (CVE-2013-5014)

An XML external entity (XXE) vulnerability exists in Symantec Endpoint Protection Manager (SEPM). This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially...

CVSS 7.5 | AI score 1.3 | EPSS 0.67573
Exploits: 13

securityvulns
added 2014/03/02 12:0 a.m. | 47 views

SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server

SEC Consult Vulnerability Lab Security Advisory 20140228-1 ======================================================================= title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version: =0.9.9.2.374-aa23a69 fixed version: =0.9.9.3 impact: Critic...

AI score 1.4
Exploits: 0

Prion
added 2014/02/24 4:48 a.m. | 20 views

Design/Logic Flaw

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information vi...

CVSS 6.4 | AI score 5.6 | EPSS 0.01159
Exploits: 1 | References: 5 | Affected Software: 1

Zero Science Lab
added 2014/02/20 12:0 a.m. | 75 views

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Summary: This is a lightweight CRM which simplifies the process of managing staff, clients and projects. Description: Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without...

AI score 6.1
Exploits: 0

OpenVAS
added 2014/02/18 12:0 a.m. | 19 views

NetGear DGN2200 N300 Wireless Router Multiple Vulnerabilities (Feb 2014) - Active Check

NetGear DGN2200 N300 Wireless Routers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 5.3
Exploits: 0 | References: 3

CVE
added 2014/02/12 2:0 a.m. | 87 views

CVE-2014-0253

CVE-2014-0253 affects multiple .NET Framework versions (1.1 SP1, 2.0 SP2, 3.5/3.5.1, 4, 4.5, 4.5.1). The issue is improper handling of TCP connection states, allowing a remote attacker to cause a denial of service by sending crafted HTTP requests that trigger persistent resource consumption, resu...

CVSS 5 | AI score 6.6 | EPSS 0.38697
Exploits: 1 | References: 5 | Affected Software: 1

VulnCheck KEV
added 2014/02/11 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or...

CVSS 5 | AI score 5.8 | EPSS 0.38697
Exploits: 1 | References: 1

NVD
added 2014/02/07 4:52 a.m. | 13 views

CVE-2014-1699

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999...

CVSS 5 | AI score 6.6 | EPSS 0.02142
Exploits: 1 | References: 6

Prion
added 2014/02/07 4:52 a.m. | 14 views

Code injection

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999...

CVSS 5 | AI score 7.1 | EPSS 0.02142
Exploits: 1 | References: 6 | Affected Software: 1

CVE
added 2014/02/07 2:0 a.m. | 56 views

CVE-2014-1699

CVE-2014-1699 affects Siemens SIMATIC WinCC OA before version 3.12 P002 January. The vulnerability resides in the integrated Web server on port 4999/TCP and stems from improper input validation, allowing remote attackers to trigger a denial of service (monitoring-service outage) by sending malfor...

CVSS 5 | AI score 6.8 | EPSS 0.02142
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2014/02/07 2:0 a.m. | 18 views

CVE-2014-1699

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999...

AI score 6.6 | EPSS 0.02142
Exploits: 1 | References: 6

NVD
added 2014/01/26 8:55 p.m. | 21 views

CVE-2014-1664

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...

CVSS 5 | AI score 6.5 | EPSS 0.03111
Exploits: 3 | References: 4

Prion
added 2014/01/26 8:55 p.m. | 12 views

Authentication flaw

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...

CVSS 5 | AI score 7 | EPSS 0.03111
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2014/01/26 8:0 p.m. | 29 views

CVE-2014-1664

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...

AI score 6.5 | EPSS 0.03111
Exploits: 3 | References: 4

Kitploit
added 2014/01/25 8:14 p.m. | 171 views

[Netsparker v3.2] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Executi...

AI score 8.6
Exploits: 0

NVD
added 2014/01/21 6:55 p.m. | 28 views

CVE-2013-0340

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS 6.8 | AI score 6.8 | EPSS 0.19433
Exploits: 1 | References: 25

Prion
added 2014/01/21 6:55 p.m. | 43 views

Xxe

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS 6.8 | AI score 7.2 | EPSS 0.19433
Exploits: 1 | References: 24 | Affected Software: 7

Prion
added 2014/01/21 6:55 p.m. | 29 views

Xxe

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

CVSS 6.8 | AI score 7.2 | EPSS 0.0442
Exploits: 1 | References: 15 | Affected Software: 4

UbuntuCve
added 2014/01/21 6:55 p.m. | 37 views

CVE-2013-0340

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS 6.8 | AI score 6.9 | EPSS 0.19433
Exploits: 1 | References: 4