1469 matches found

OpenVAS
added 2017/11/23 12:0 a.m., 23 views

openSUSE: Security Advisory for cacti (openSUSE-SU-2017:3051-1)

The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9, AI score 6.2, EPSS 0.04246
Exploits 4, References 1
Tenable Nessus
added 2017/11/22 12:0 a.m., 24 views

FreeBSD : cacti -- multiple vulnerabilities (db570002-ce06-11e7-804e-c85b763a2f96)

cacti reports: Changelog: issue1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions; issue1066: CVE-2017-16660 in remoteagent.php logging function; issue1066: CVE-2017-16661 in view log file; issue1071: CVE-2017-16785 in globalsession.php Reflection XSS...

CVSS 9, AI score 6.3, EPSS 0.04246
Exploits 4, References 6
Tenable Nessus
added 2017/11/20 12:0 a.m., 224 views

RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4.18 (RHSA-2017:3240)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3240 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release...

CVSS 9.1, AI score 7.1, EPSS 0.95707
Exploits 16, References 13
Tenable Nessus
added 2017/11/14 12:0 a.m., 113 views

RHEL 7 : httpd (RHSA-2017:3194)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3194 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: It was discovered that...

CVSS 9.8, AI score 7.3, EPSS 0.94999
Exploits 13, References 14
Tenable Nessus
added 2017/11/08 12:0 a.m., 131 views

RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3113 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implement...

CVSS 9.1, AI score 7.5, EPSS 0.99988
Exploits 51, References 14
Kitploit
added 2017/10/22 1:23 p.m., 17 views

reflector - Burp plugin able to find reflected XSS on page in real-time while browsing on site

This Burp Suite extension finds reflected XSS on a page in real time while you browse a web site, and includes features such as: highlighting of reflections in the response tab; testing which symbols are allowed in a reflection; analysis of the reflection context; a Content-Type whitelist. How to use Afte...

AI score 6
Exploits 0, References 1
Tenable Nessus
added 2017/10/19 12:0 a.m., 47 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)

This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have led to leakage of...

CVSS 9.8, AI score 7.3, EPSS 0.94999
Exploits 12, References 19
Prion
added 2017/08/30 5:29 p.m., 15 views

Remote code execution

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz...

CVSS 6.5, AI score 7.8, EPSS 0.03802
Exploits 0, References 1, Affected Software 1
OSV
added 2017/07/26 12:16 p.m., 16 views

SUSE-SU-2017:1961-1 Security update for apache2

This update for apache2 fixes the following issues: Security issue fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest (bsc#1048576). Bug fixes: - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf...

CVSS 9.1, AI score 8.4, EPSS 0.5677
Exploits 0, References 5
Apache Httpd
added 2017/06/28 12:0 a.m., 78 views

Apache Httpd < 2.4.27 : Uninitialized memory reflection in mod_auth_digest

The value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior...

CVSS 9.1, AI score 3.1, EPSS 0.5677
Exploits 0, Affected Software 1
Apache Httpd
added 2017/06/28 12:0 a.m., 63 views

Apache Httpd < 2.2.34 : Uninitialized memory reflection in mod_auth_digest

The value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior...

CVSS 9.1, AI score 3.1, EPSS 0.5677
Exploits 0, Affected Software 1
NVD
added 2017/06/06 4:29 p.m., 14 views

CVE-2017-8920

irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS...

CVSS 6.1, AI score 6.3, EPSS 0.00682
Exploits 0, References 2
seebug.org
added 2017/04/25 12:0 a.m., 275 views

MS15-076 Windows: DCOM DCE/RPC Local NTLM Reflection Elevation of Privilege (CVE-2015-2370)

Windows: DCOM DCE/RPC-Local NTLM Reflection Elevation of Privilege. Platform: Windows 8.1 Update (not tested on Windows 7, 10). Class: Elevation of Privilege. Summary: Local DCOM DCE/RPC connections can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for...

CVSS 7.2, AI score 6.7, EPSS 0.04417
Exploits 4
ThreatPost
added 2017/03/27 4:14 p.m., 10 views

APT29 Used Domain Fronting, Tor to Execute Backdoor

APT29, a/k/a Cozy Bear, has been utilizing a technique called domain fronting in order to secure backdoor access to targets for nearly two years running, experts said Monday. The nation state attackers have reportedly been pairing the anonymity software Tor with a Tor plugin that specializes in...

AI score 8.3
Exploits 0, References 10
FireEye
added 2017/03/27 8:0 a.m., 45 views

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

AI score 7.7
Exploits 0
Akamai Blog
added 2017/03/24 1:30 p.m., 20 views

DDoS of Past, Present and Future

The pervasiveness of technology has meant automation of tasks, allowing better productivity, with more time to do more. However, the dark side of technology would be that enterprises and individuals alike are vulnerable to cybercrimes, compromise of identities, loss of data and subject to malicio...

AI score 6.9
Exploits 0
CNVD
added 2016/11/30 12:0 a.m., 2 views

Information Disclosure Vulnerability in Multiple Micro Focus Products

Micro Focus Host Access Management and Security Server (MSS), formerly known as Attachmate Host Access Management and Security Server, and others are products of Micro Focus, a British company. MSS is a server that provides access management and security; Reflection for the Web (RWeb), formerl...

CVSS 6.5, AI score 6.4, EPSS 0.02219
Exploits 0, References 1
OSV
added 2016/11/29 11:59 a.m., 2 views

CVE-2016-5765

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory...

CVSS 6.5, AI score 5.9, EPSS 0.02219
Exploits 0, References 3
Cvelist
added 2016/11/29 11:0 a.m., 24 views

CVE-2016-5765

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory...

AI score 6.5, EPSS 0.02219
Exploits 0, References 3
CVE
added 2016/11/29 11:0 a.m., 44 views

CVE-2016-5765

The CVE-2016-5765 entry describes a remote, unauthenticated directory-traversal information-disclosure in Micro Focus MSS and related products (RWeb, RSG, ZFE, and older components). Affected: MSS 12.3 before 12.3.326, MSS 12.2 before 12.2.342; RSG 12.1 before 12.1.362; RWeb 12.3 before 12.3.312,...

CVSS 6.5, AI score 6.4, EPSS 0.02219
Exploits 0, References 3, Affected Software 4