7677 matches found

NVD
added 2013/05/09 12:31 p.m. | 20 views

CVE-2013-1223

The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372...

7.8 CVSS | 6.7 AI score | 0.01482 EPSS
Exploits: 0 | References: 1
Prion
added 2013/05/09 12:31 p.m. | 13 views

Cross site request forgery (csrf)

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379...

7.8 CVSS | 7.2 AI score | 0.0123 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2013/05/09 12:31 p.m. | 19 views

Directory traversal

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...

7.8 CVSS | 7.2 AI score | 0.02116 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2013/05/09 12:31 p.m. | 26 views

Xxe

Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka...

7.8 CVSS | 7.2 AI score | 0.01595 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2013/05/09 12:31 p.m. | 14 views

Cross site request forgery (csrf)

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384...

10 CVSS | 8.1 AI score | 0.03436 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2013/05/09 10:0 a.m. | 24 views

CVE-2013-1224

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...

6.7 AI score | 0.02116 EPSS
Exploits: 0 | References: 1
CVE
added 2013/05/09 10:0 a.m. | 45 views

CVE-2013-1224

CVE-2013-1224 affects Cisco Unified CVP (Resource Manager) prior to 9.0.1 ES 11. A directory traversal flaw allows remote attackers to overwrite arbitrary files by sending crafted HTTP or HTTPS requests that bypass parameter validation (Bug CSCub38369). The issue is tied to the Resource Manager c...

7.8 CVSS | 6.9 AI score | 0.02116 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2013/05/09 10:0 a.m. | 46 views

CVE-2013-1222

The CVE-2013-1222 issue affects Cisco Unified Customer Voice Portal (CVP) Software prior to 9.0.1 ES 11, where the Tomcat Web Management feature does not properly configure Tomcat components. This allows remote attackers to launch arbitrary custom web applications via a crafted HTTP or HTTPS requ...

7.8 CVSS | 6.9 AI score | 0.0123 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Fedora
added 2013/05/06 3:49 a.m. | 35 views

[SECURITY] Fedora 18 Update: curl-7.27.0-9.fc18

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5 CVSS | 0.22913 EPSS
Exploits: 7
Fedora
added 2013/05/01 4:24 a.m. | 39 views

[SECURITY] Fedora 19 Update: curl-7.29.0-6.fc19

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

5 CVSS | 0.04986 EPSS
Exploits: 1
Tenable Nessus
added 2013/04/26 12:0 a.m. | 37 views

Puppet Multiple Vulnerabilities (2013/03/12)

According to its self-reported version number, the version of Puppet Open Source or Puppet Enterprise running on the remote host has the following vulnerabilities : - A vulnerability that allows an authenticated client to execute arbitrary code on a puppet master. CVE-2013-1640 - A vulnerability...

9 CVSS | 6.2 AI score | 0.04927 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2013/04/26 12:0 a.m. | 12 views

Puppet Enterprise Console Detection

Puppet Enterprise Console, a web management interface for Puppet Enterprise, was detected on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66234; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Puppet Enterprise Console...

5.5 AI score
Exploits: 0 | References: 1
Fedora
added 2013/04/20 7:45 p.m. | 33 views

[SECURITY] Fedora 19 Update: curl-7.29.0-5.fc19

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

5 CVSS | 0.04986 EPSS
Exploits: 1
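seebug.org
added 2013/04/17 12:0 a.m. | 48 views

curl / libcURL "tailmatch()" Cookie Information Disclosure Vulnerability

CVE(CAN) ID: CVE-2013-1944 cURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. In cURL/libcURL 7.29.0 and earlier, the function "tailmatch" (lib/cookie.c) makes an error when matching the cookie path domain against the domain name by tail matching, which leaks the cookies of another domain. 0 cURL 7.x Vendor patch: cURL ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://curl.haxx.se/...

5 CVSS | 8.9 AI score | 0.04986 EPSS
Exploits: 1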
Ubuntu
added 2013/04/16 1:43 a.m. | 48 views

USN-1801-1: curl vulnerability

YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could...

5 CVSS | 8 AI score | 0.04986 EPSS
Exploits: 1
Atlassian
added 2013/04/10 7:5 p.m. | 19 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if both HTTP (8090) and HTTPS (8433) are enabled and 'Server Base Url' is set to HTTP. Reproduce procedures: 1. Access Confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menus at the left side, e.g. All spaces etc., then click link ...

7 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2013/04/10 7:5 p.m. | 20 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if both HTTP (8090) and HTTPS (8433) are enabled and 'Server Base Url' is set to HTTP. Reproduce procedures: 1. Access Confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menus at the left side, e.g. All spaces etc., then click link ...

7 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2013/04/10 7:5 p.m. | 16 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if both HTTP (8090) and HTTPS (8433) are enabled and 'Server Base Url' is set to HTTP. Reproduce procedures: 1. Access Confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menus at the left side, e.g. All spaces etc., then click link ...

7 AI score
Exploits: 0 | Affected Software: 1
0day.today
added 2013/04/04 12:0 a.m. | 82 views

Sophos Web Protection Appliance 3.7.8.1 XSS / Command Execution

Sophos Web Protection Appliance version 3.7.8.1 suffers from OS command injection, cross site scripting, and file disclosure vulnerabilities. ======================================================================= title: Multiple vulnerabilities product: Sophos Web Protection Appliance vulnerable...

9.3 CVSS | 0.3 AI score | 0.7099 EPSS
Exploits: 12
Kitploit
added 2013/03/13 6:38 p.m. | 26 views

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility...

7.4 AI score
Exploits: 0 | References: 1