Promise Technology WebPam Pro-E Appliance HTTP Response Header Injection Vulnerability
Promise Technology WebPam Pro-E is a data center device from Promise Technology. A security vulnerability exists in Promise Technology WebPam Pro-E devices because parameters in the PHPSESSID cookie are not filtered. The vulnerability can be exploited by remote attackers to conduct...
Palo Alto Networks Firewalls Remote Root Code Execution Vulnerability
Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full...
Palo Alto Networks Firewalls Remote Root Code Execution
Hello, This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier,...
diia.de XSS vulnerability
Open Bug Bounty ID: OBB-446290

| Description | Value |
|---|---|
| Affected Website: | diia.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Timing Attack
craftcms/cms is vulnerable to a timing attack. The application uses the strcmp function, which compares hashes in non-constant time, allowing an attacker to use the timing of the request to progressively identify the current PHP session id...
Muviko 1.0 SQL Injection
Exploit Title: Muviko - Video CMS v1.0 a 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...
NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfmt Command Injection
Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage:...
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
Code injection
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
Fedora 25 : php (2016-03518b366b)
18 Aug 2016 PHP 7.0.10 Core: - Fixed bug php72629 Caught exception assignment to variables ignores references. Laruence - Fixed bug php72594 Calling an earlier instance of an included anonymous class fatals. Laruence - Fixed bug php72581 previous property undefined in Exception after...
UBUNTU-CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...
Symantec Endpoint Protection Manager and Client Unauthorized Access Vulnerability
Symantec Endpoint Protection (SEP) is a suite of antivirus software from Symantec, Inc. SEP Manager and Client are the management and client software. An unauthorized access vulnerability exists in SEP Manager and Client version 12.1, which can be exploited by an attacker to access the PHP JSESSIONI...
Java serialization and deserialization, and vulnerability remediation - vulnerability warning - the black bar safety net
Last week, network security staff once again stumbled in the face of the cybercrime industry: Joomla was exposed to a high-risk 0-day vulnerability that can be triggered without any user login. The Joomla vulnerability, in the officially released upgrade version and before the patch, i...
CVE-2007-1700
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the...