103 matches found

Zero Day Initiative
added 2019/11/14 12:0 a.m., 16 views

Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 5.3, AI score 3, EPSS 0.00055
Exploits 0, References 1
Cisco
added 2019/03/06 4:0 p.m., 53 views

Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTT...

CVSS 7.8, AI score 2.1, EPSS 0.0019
Exploits 0, References 1
Prion
added 2018/09/26 9:29 p.m., 8 views

Information disclosure

An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained...

CVSS 4.3, AI score 7.8, EPSS 0.00205
Exploits 3, References 2, Affected Software 1
seebug.org
added 2018/07/30 12:0 a.m., 593 views

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability (CVE-2018-3856)

Summary: An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

AI score 0.2, EPSS 0.04805
Exploits 2
Hacker One
added 2018/07/18 9:14 a.m., 74 views

Augur: Subdomain takeover on slack.augur.net pointing to GitHub Pages

Summary: The slack.augur.net record wasn't removed from the DNS after the migration to Discord invite.augur.net and was pointing to a non-existent page on GitHub Pages. So a subdomain takeover was possible and a proof-of-concept has been done to confirm this. Description: Searching for subdomains o...

AI score 0.1
Exploits 0
RedHat Linux
added 2017/12/15 10:34 p.m., 0 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8, AI score 7.3, EPSS 0.30773
Exploits 0, References 6
RedHat Linux
added 2017/11/13 5:35 p.m., 65 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8, AI score 6.8, EPSS 0.9384
Exploits 13, References 7
Hacker One
added 2017/10/08 3:56 p.m., 15 views

X (Formerly Twitter): Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)

Summary: I've identified a Blind XSS vulnerability that fires in the Mobpub Marketplace Admin Production | Sentry dashboard and can be triggered by sending an HTTPS request to an endpoint from the domain demand.mopub.com. Description: I've sent the following HTTPS request to the following URL...

AI score 6.8
Exploits 0
RedHat Linux
added 2017/08/15 6:23 p.m., 0 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8, AI score 7.3, EPSS 0.30773
Exploits 0, References 6
RedHat Linux
added 2017/08/15 6:11 p.m., 2 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8, AI score 7.3, EPSS 0.30773
Exploits 0, References 6
OSV
added 2017/03/31 4:59 p.m., 1 views

DEBIAN-CVE-2008-7313

The httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796...

CVSS 9.8, AI score 7.6, EPSS 0.01167
Exploits 4, References 1
OSV
added 2017/03/31 4:59 p.m., 0 views

UBUNTU-CVE-2008-7313

The httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796...

CVSS 9.8, AI score 7.5, EPSS 0.01167
Exploits 4, References 3
RedHat Linux
added 2017/03/14 5:32 p.m., 0 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

CVSS 7.5, AI score 5.8, EPSS 0.13832
Exploits 5, References 6
NVD
added 2016/11/23 2:59 a.m., 14 views

CVE-2016-9562

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...

CVSS 7.5, AI score 7.5, EPSS 0.01174
Exploits 0, References 3
Prion
added 2016/11/23 2:59 a.m., 14 views

Null pointer dereference

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...

CVSS 5, AI score 7.2, EPSS 0.01174
Exploits 0, References 3, Affected Software 1
Check Point Advisories
added 2016/09/20 12:0 a.m., 2 views

Trend Micro Control Manager task_controller Information Disclosure

An information disclosure vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of the 'url' parameter in the request for taskcontrol.php. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HT...

AI score 0.9
Exploits 0
NVD
added 2014/11/16 5:59 p.m., 12 views

CVE-2014-8950

Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...

CVSS 7.1, AI score 6.6, EPSS 0.00693
Exploits 0, References 4
Prion
added 2014/11/16 5:59 p.m., 14 views

Cross site request forgery (csrf)

Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...

CVSS 7.1, AI score 7.2, EPSS 0.00693
Exploits 0, References 4, Affected Software 1
Cvelist
added 2014/11/16 5:0 p.m., 14 views

CVE-2014-8950

Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...

AI score 6.6, EPSS 0.00693
Exploits 0, References 4
CVE
added 2014/11/16 5:0 p.m., 41 views

CVE-2014-8950

The CVE-2014-8950 entry concerns Check Point Security Gateway versions R77 and R77.10. The vulnerability affects the URL Filtering and Identity Awareness blades, where an HTTPS request can trigger a denial-of-service (crash). The available documents confirm the affected product and blades, and th...

CVSS 7.1, AI score 6.8, EPSS 0.00693
Exploits 0, References 4, Affected Software 1