CVE-2012-6551
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests...
CVE-2013-3060
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests...
TP-Link TL-WR741N TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/59325/info TP-LINK TL-WR741N and TL-WR741ND routers are prone to multiple denial-of-service vulnerabilities when handling specially crafted HTTP requests. Successful exploit...
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/59325/info TP-LINK TL-WR741N and TL-WR741ND routers are prone to multiple denial-of-service vulnerabilities when handling specially crafted HTTP requests. Successful exploits will cause the device to crash, denying service to legitimate users. GET...
Moderate: Red Hat Security Advisory: haproxy security update
An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: puppet security update
Updated puppet packages that fix several security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference...
Xxe
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference...
CVE-2013-1653
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...
WordPress Plugin Occasions - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/58599/info The Occasions plugin for WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow ...
Microsoft SharePoint Server Privilege Elevation Vulnerabilities (2780176)
This host is missing a critical security update according to Microsoft Bulletin MS13-024. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Qool CMS v2.0 RC2 XSRF Add Root Exploit
Summary: Qool CMS is a content management system that helps web masters be more productive. Qool has been built with both worlds (web master, web developer) in mind. It is easy to create addons (extensions) for the system but you can really do without them too. Description: Qool CMS allows users to...
CVE-2012-6026
The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460...
Nmap NSE 6.01: whois
Queries the WHOIS services of Regional Internet Registries (RIR) and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. The fields displayed contain information about the assignment and the organisation responsible for managing the address space...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
osCommerce - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/57892/info osCommerce is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain...
osCommerce - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/57892/info osCommerce is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized...
cURL - Buffer Overflow (PoC)
cURL buffer overflow. Wed 06 February 2013. Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_messa...
cURL Buffer Overflow
cURL buffer overflow. Wed 06 February 2013. Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message uses the data provided...