Practico 13.9 - Multiple Vulnerabilities

Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without...

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

DoS Vulnerability fixed in Node v0.8.26 and v0.10.21 Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to...

Xxe

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

Fortinet FortiAnalyzer - Cross-Site Request Forgery

Fortinet FortiAnalyzer - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain...

Fortinet FortiAnalyzer - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of...

[Firefox] убираем кодирование кавычек в URL | Firefox URL quote encoding patch

See next post for English description! Патч призван устранить кодирование кавычек ',", в HTTP запросах. Начиная с версии 3.0 коммит, Firefox стал урл-кодировать одинарную кавычку ' в %27. Данное поведение нередко может помешать обнаружить SQL инъекцию в веб-приложениях, например, при участии...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

Design/Logic Flaw

Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service memory consumption and dropped connections via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests...

ymlp.com validated-email grabber from online newsletter company

Obtains email addresses from subscribers to mailinglists of clients of ymlp.com. This is 73 lines of proof-of-concept-Java 7 source code 1 file that does 10 http requests to ymlp.com to obtain one email-address. The emailaddress is printed to stdout along with logging information. This is repeate...

Amazon Linux AMI : httpd (ALAS-2013-193)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

Amazon Linux AMI : httpd24 (ALAS-2013-194)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

[CookieCatcher] Session Hijacking Tool

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities

Multiple vulnerabilities have been found in AVTECH AVN801 DVR and potentially other devices sharing the affected firmware that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrati...

DeWeS 0.4.2 - Directory Traversal Vulnerability

Exploit for windows platform in category web applications High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS Windows version, which can be exploited to read arbitrary files on vulnerable system. 1 Path...

Twilight CMS DeWeS Web Server <= 0.4.2 Directory Traversal Vulnerability - Active Check

Twilight CMS with DeWeS Web Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Xxe

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

CVE-2013-4701

The CVE-2013-4701 issue affects the PHP OpenID Library up to version 2.2.2 and earlier, where Auth/Yadis/XML.php processes XRDS data containing an external entity declaration. This XXE flaw enables a remote attacker to read arbitrary files, make HTTP requests to internal/intranet hosts, or trigge...

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

[The Burp SessionAuth] Extension for Detection of Possible Privilege escalation vulnerabilities

Normally a web application should identify a logged in user by data which is stored on the server side in some kind of session storage. However, in web application audits someone can often observe that internal user identifiers are transmitted in HTTP requests as parameters or cookies. Applicatio...