Lucene search

5907 matches found

Exploit DB
added 2013/02/08 12:0 a.m. | 36 views

TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/57877/info TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Exploiting these issues may allow a remote attacker to change a device's configuration and...

7.4 AI score
Exploits 0
0day.today
added 2013/02/05 12:0 a.m. | 43 views

Glossword 1.8.12 XSS / CSRF / Shell Upload / Database Disclosure

Glossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. =================================================== Vulnerable Software: Glossword 1.8.12 Tested version: Glossword 1.8.12 Download:...

7.2 AI score
Exploits 0
OpenVAS
added 2013/02/01 12:0 a.m. | 36 views

nginx Security Bypass Vulnerability - Windows

nginx is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx"; if description...

5 CVSS | 6.5 AI score | 0.05959 EPSS
Exploits 1 | References 7
Prion
added 2013/01/29 12:27 p.m. | 21 views

Design/Logic Flaw

Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...

4 CVSS | 6.1 AI score | 0.08993 EPSS
Exploits 2 | References 3 | Affected Software 1
OSV
added 2013/01/27 10:55 p.m. | 9 views

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

6.5 AI score
Exploits 0 | References 6
NVD
added 2013/01/27 10:55 p.m. | 27 views

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

5 CVSS | 6.6 AI score | 0.02288 EPSS
Exploits 0 | References 6
Prion
added 2013/01/27 10:55 p.m. | 18 views

Design/Logic Flaw

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

5 CVSS | 7.2 AI score | 0.02288 EPSS
Exploits 0 | References 6 | Affected Software 2
Cvelist
added 2013/01/27 10:0 p.m. | 32 views

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

6.5 AI score | 0.02288 EPSS
Exploits 0 | References 6
Debian CVE
added 2013/01/27 10:0 p.m. | 22 views

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

5 CVSS | 5.1 AI score | 0.02288 EPSS
Exploits 0
Tenable Nessus
added 2013/01/24 12:0 a.m. | 44 views

RHEL 4 / 5 : jbossweb (RHSA-2010:0584)

An updated jbossweb package that fixes two security issues is now available for JBoss Enterprise Application Platform 4.2 and 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...

6.4 CVSS | 5.6 AI score | 0.54779 EPSS
Exploits 8 | References 6
Tenable Nessus
added 2013/01/24 12:0 a.m. | 53 views

RHEL 6 : Ruby on Rails in Subscription Asset Manager (RHSA-2013:0154)

Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scorin...

7.5 CVSS | 9 AI score | 0.99449 EPSS
Exploits 33 | References 24
Check Point Advisories
added 2013/01/14 12:0 a.m. | 3 views

Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)

A denial of service vulnerability has been reported in Apache Tomcat. The vulnerability is due to an infinite loop in NIO Connector when a client breaks the connection in the middle of reading the response for a request to a big file. An unauthenticated, remote attacker can exploit this...

2.6 CVSS | 8.7 AI score | 0.07452 EPSS
Exploits 1
RedHat Linux
added 2013/01/10 8:36 p.m. | 61 views

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...

7.5 CVSS | 8.2 AI score | 0.99449 EPSS
Exploits 21 | References 3
NVD
added 2013/01/09 6:9 p.m. | 18 views

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

7.8 CVSS | 6.4 AI score | 0.32096 EPSS
Exploits 0 | References 3
Prion
added 2013/01/09 6:9 p.m. | 25 views

Denial of service

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

7.8 CVSS | 6.9 AI score | 0.32096 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2013/01/09 6:0 p.m. | 22 views

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

6.4 AI score | 0.32096 EPSS
Exploits 0 | References 3
Packet Storm
added 2013/01/09 12:0 a.m. | 29 views

Watson Management Console 4.11.2.G Directory Traversal

Exploit Title: Watson Management Console Directory Traversal Vulnerability Google Dork: allintitle:Watson Management Console Contacted Vendor : 17/12/2012 as well as 31/12/2012 The Vendor Did Not Respond . Date: 1/2/2013 Exploit Author: Dhruv Shah Vendor Homepage: http://www.schmid-telecom.com/...

7.4 AI score
Exploits 0
exploitpack
added 2013/01/09 12:0 a.m. | 17 views

Watson Management Console 4.11.2.G - Directory Traversal

Watson Management Console 4.11.2.G - Directory Traversal Exploit Title: Watson Management Console Directory Traversal Vulnerability Google Dork: allintitle:Watson Management Console Contacted Vendor : 17/12/2012 as well as 31/12/2012 The Vendor Did Not Respond . Date: 1/2/2013 Exploit Author: Dhr...

7.4 AI score
Exploits 0
Positive Technologies
added 2013/01/09 12:0 a.m. | 7 views

PT-2013-2056 · Microsoft · Management Odata Iis Extension +3

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 3.5 through 4 Management OData IIS Extension on Windows Server 2012 Description: A denial of service issue exists in the OData protocol implementation, allowing remote attackers to cause a denial of service v...

7.8 CVSS | 6.4 AI score | 0.32096 EPSS
Exploits 0 | References 7
NVD
added 2013/01/02 11:46 a.m. | 24 views

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests...

5 CVSS | 6.3 AI score | 0.01499 EPSS
Exploits 0 | References 2