[SECURITY] Fedora 18 Update: curl-7.27.0-10.fc18
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2013-1337
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka...
CVE-2013-1225
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka...
CVE-2013-1221
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384...
CVE-2013-1222
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379...
CVE-2013-1223
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372...
XXE
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka...
Directory traversal
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...
Cross-site request forgery (CSRF)
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384...
Cross-site request forgery (CSRF)
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379...
CVE-2013-1224
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...
CVE-2013-1224
CVE-2013-1224 affects Cisco Unified CVP (Resource Manager) prior to 9.0.1 ES 11. A directory traversal flaw allows remote attackers to overwrite arbitrary files by sending crafted HTTP or HTTPS requests that bypass parameter validation (Bug CSCub38369). The issue is tied to the Resource Manager c...
CVE-2013-1222
The CVE-2013-1222 issue affects Cisco Unified Customer Voice Portal (CVP) Software prior to 9.0.1 ES 11, where the Tomcat Web Management feature does not properly configure Tomcat components. This allows remote attackers to launch arbitrary custom web applications via a crafted HTTP or HTTPS requ...
[SECURITY] Fedora 18 Update: curl-7.27.0-9.fc18
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 19 Update: curl-7.29.0-6.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Puppet Enterprise Console Detection
Puppet Enterprise Console, a web management interface for Puppet Enterprise, was detected on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(66234); script_version("1.5"); script_cvs_date("Date: 2019/11/22"); script_name(english:"Puppet Enterprise Console...
Puppet Multiple Vulnerabilities (2013/03/12)
According to its self-reported version number, the version of Puppet Open Source or Puppet Enterprise running on the remote host has the following vulnerabilities: - A vulnerability that allows an authenticated client to execute arbitrary code on a puppet master. (CVE-2013-1640) - A vulnerability...
[SECURITY] Fedora 19 Update: curl-7.29.0-5.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
curl / libcURL "tailmatch()" Cookie Information Disclosure Vulnerability
CVE(CAN) ID: CVE-2013-1944 cURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. In cURL/libcURL 7.29.0 and earlier, the function "tailmatch" in lib/cookie.c makes an error when it matches a cookie's path domain against the domain name by tail matching, which leaks cookies to another domain. 0 cURL 7.x Vendor patch: cURL ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://curl.haxx.se/...
USN-1801-1: curl vulnerability
YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could...