
1227 matches found

CNVD
added 2017/12/02 12:0 a.m. | 2 views

Apache Struts2 S2-054 Denial of Service Vulnerability

Struts2 is an open source web application framework based on the MVC design pattern and maintained by the Apache Software Foundation. Apache Struts2 suffers from the S2-054 denial of service vulnerability. Because the Apache Struts REST plugin uses an outdated JSON-lib library ...

CVSS 6.2 | AI score 6.9 | EPSS 0.01534
Exploits: 2 | References: 1
NVD
added 2017/12/01 4:29 p.m. | 16 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload...

CVSS 6.2 | AI score 6.2 | EPSS 0.01534
Exploits: 2 | References: 6
UbuntuCve
added 2017/12/01 4:29 p.m. | 21 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload...

CVSS 6.2 | AI score 6.8 | EPSS 0.01534
Exploits: 2 | References: 2
0day.today
added 2017/11/15 12:0 a.m. | 72 views

Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution Vulnerabilities

Siemens SICAM RTUs SM-2556 COM modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 suffer from authentication bypass, code execution, and cross site scripting vulnerabilities. title: Authentication...

CVSS 10 | AI score 6.7 | EPSS 0.0314
Exploits: 2
Cloud Foundry
added 2017/11/01 12:0 a.m. | 14 views

USN-3432-1: ca-certificates update | Cloud Foundry

Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package. Affected Cloud Foundry Products and Versions: Cloud Foundry BOSH...

AI score 7
Exploits: 0
Kitploit
added 2017/10/28 1:30 p.m. | 164 views

Nikto v2.1.6 - Web Server Scanner

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...

AI score 8.7
Exploits: 0 | References: 1
CNVD
added 2017/10/26 12:0 a.m. | 1 views

WordPress Landing Pages Plugin Arbitrary Code Execution Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on servers running PHP and MySQL. WordPress Landing Pages is one of its landing page plugins. A security vulnerability exists in versions of the...

CVSS 8.8 | AI score 7.6 | EPSS 0.02042
Exploits: 0 | References: 1
Hacker One
added 2017/10/24 10:51 a.m. | 17 views

Infogram: Outdated jQuery Version

During analysis, it was observed that the application is using an outdated jQuery version, i.e. 1.11.2...

AI score 6.9
Exploits: 0
OpenVAS
added 2017/10/05 12:0 a.m. | 13 views

Ubuntu: Security Advisory (USN-3432-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.5
Exploits: 0 | References: 3
Tenable Nessus
added 2017/10/03 12:0 a.m. | 18 views

Ubuntu 14.04 LTS / 16.04 LTS : ca-certificates update (USN-3432-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3432-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717...

AI score 5.6
Exploits: 0 | References: 1
OSV
added 2017/10/02 2:8 p.m. | 1 views

USN-3432-1 ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package...

AI score 5.8
Exploits: 0 | References: 2
Prion
added 2017/09/26 1:29 a.m. | 14 views

Design/Logic Flaw

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate...

CVSS 4 | AI score 7 | EPSS 0.00126
Exploits: 0 | References: 3 | Affected Software: 2
CNVD
added 2017/09/26 12:0 a.m. | 2 views

Netsweeper Arbitrary File Upload Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. An arbitrary file upload vulnerability exists in the webadmin/ajaxfilemanager/ajaxfilemanager.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker...

CVSS 7.2 | AI score 7.2 | EPSS 0.06457
Exploits: 3 | References: 1
Cvelist
added 2017/09/25 7:0 p.m. | 11 views

CVE-2017-7971

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate...

AI score 6.5 | EPSS 0.00126
Exploits: 0 | References: 3
CVE
added 2017/09/25 7:0 p.m. | 54 views

CVE-2017-7971

CVE-2017-7971 affects Schneider Electric PowerSCADA Anywhere v1.0 (used with PowerSCADA Expert v8.1/8.2) and Citect Anywhere v1.0. The issue is outdated TLS cipher suites and improper verification of peer SSL certificates, enabling potential man-in-the-middle or insecure communications. Public do...

CVSS 6.5 | AI score 6.5 | EPSS 0.00126
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2017/09/20 5:29 p.m. | 26 views

Design/Logic Flaw

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload...

CVSS 5 | AI score 7 | EPSS 0.94322
Exploits: 23 | References: 7 | Affected Software: 1
UbuntuCve
added 2017/09/20 5:29 p.m. | 30 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload...

CVSS 7.5 | AI score 7.2 | EPSS 0.07937
Exploits: 22 | References: 2
Broadcom
added 2017/09/08 12:0 a.m. | 5 views

BSA-2017-429

Security Advisory ID: BSA-2017-429. Component: Struts REST. Revision: 2.0: Interim. A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload. Affected Products...

CVSS 7.5 | AI score 6.6 | EPSS 0.07937
Exploits: 22
Hacker One
added 2017/07/28 1:50 p.m. | 19 views

Unikrn: Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.

Description: Hi. Today I looked at some out-of-scope subdomains .pinion.gg for recon purposes. I discovered an interesting file on http://templ4d2.pinion.gg/motd2.manifest with the following content: CACHE MANIFEST 2014-07-07 CACHE: http://bin.pinion.gg/bin/companions.min.js...

AI score 0.3
Exploits: 0
Veeam
added 2017/07/27 12:0 a.m. | 108 views

Powershell: Cannot connect to backup server because some of its components are out of date

Challenge: Connect-VBRServer PowerShell cmdlet fails with the error: Connect-VBRServer : Cannot connect to backup server because some of its components are out of date. Cause: This issue occurs when the Veeam Backup & Replication Console files on the remote machine where the command was run do not...

AI score 7.2
Exploits: 0 | Affected Software: 1