Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk

Summary Apache Tomcat could allow a remote attacker to bypass security restrictions Vulnerability Details CVE-ID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An...

Domains & Hostings Manager PRO 3.0 - Authentication Bypass

Exploit Title: Domains & Hostings Manager PRO v 3.0 - Authentication Bypass Date: 13.01.2018 Vendor Homepage: http://endavi.com/ Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735 Demo: http://endavi.com/dhrprodemo/ Version: 3.0 Tested on: Windows 10...

Ubuntu 14.04 LTS : Subversion vulnerabilities (USN-2316-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2316-1 advisory. Lieven Govaerts discovered that the Subversion moddavsvn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote...

CVE-2014-0032

The getresource function in repos.c in the moddavsvn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via vectors related to the server root and request methods other than GET, as...

Command injection

The getresource function in repos.c in the moddavsvn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via vectors related to the server root and request methods other than GET, as...

CVE-2014-0032

The getresource function in repos.c in the moddavsvn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via vectors related to the server root and request methods other than GET, as...

blackicepro.txt

Hi! I'm using BlackICE PC Protection formerly known as BlackICE Defender for a very long time1, 2. It is one of my favorite hostbased intrusion detection systems and personal firewall for windows. During some tests for a paper on cross site scripting I've seen that there is an evasion possibility...

Microsoft IIS 2.03.04.05.05.1 - Internal IP Address Disclosure

Microsoft IIS 2.03.04.05.05.1 - Internal IP Address Disclosure source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error...

CVE-1999-0448

The CVE-1999-0448 issue affects IIS 4.0 and Apache by allowing remote control over log HTTP request methods so that the actual requested URL can be hidden. Root cause is how the log records capture the method, potentially truncating or misrepresenting the request, enabling a malicious user to con...

CVE-1999-0448

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request...

CVE-1999-0448

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request...

PT-1999-1131 · Microsoft +1 · Iis +1

Name of the Vulnerable Software and Affected Versions: IIS version 4.0 Apache affected versions not specified Description: The issue allows a remote attacker to hide the URL they are requesting by taking advantage of how IIS 4.0 and Apache log HTTP request methods, regardless of their length...