MercadoPago Android App Information Disclosure
Advisory ID Internal CORE-2014-0011 1. Advisory Information Title: MercadoPago Android App Information Disclosure Advisory ID: CORE-2014-0011 Date published: 2014-12-19 Date of last update: 2014-12-17 Vendors contacted: Mercadolibre Release mode: Coordinated release 2. Vulnerability Information...
Command injection
The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.25.44, 8.3.x before 8.32.39, 8.4.x before 8.45.7, 8.6.x before 8.61.12, 9.0.x before 9.02.6, and 9.1.x before 9.11.7 allows remote attackers to cause a denial of service (device reload) via crafted HTTPS...
CVE-2013-3454
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...
Default credentials
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...
CVE-2013-3454
CVE-2013-3454 affects Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices. The issue is a default password for the pwrecovery account, enabling remote attackers to modify configuration or perform arbitrary acti...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
CVE-2013-1450
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
Cisco Security Agent Management Center Code Execution (CVE-2011-0364)
CSA is an endpoint host based security solution that combines zero-update attack protection, data loss prevention, and signature-based antivirus. It defends servers and desktops against new attacks, and enforces acceptable-use and compliance policies within a simple management infrastructure. An...
Buffer overflow
Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter."...
airsensor-dos.txt
#!/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC. The vulnerability is caused due to an unspecified error in the CGIs' files filter used to configure properties. This can be exploited by sending a specially crafted HTTPS request necessary...
Oracle web cache buffer overflow
Heap overflow on invalid HTTP/HTTPS request...
Apache 2 mod_ssl denial-of-service
Joe Orton reports a memory leak in Apache 2's mod_ssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory...