
243 matches found

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 22 views

Cisco Data Center Network Manager getModules SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 | AI score 4.4 | EPSS 0.24346
Exploits 10 | References 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 20 views

Cisco Data Center Network Manager getAllTemplate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 | AI score 4.3 | EPSS 0.24346
Exploits 10 | References 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 18 views

Cisco Data Center Network Manager getSanIslListWithPM SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 | AI score 4.2 | EPSS 0.24346
Exploits 10 | References 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 18 views

Cisco Data Center Network Manager getVpcHistory SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 | AI score 4.4 | EPSS 0.24346
Exploits 10 | References 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 22 views

Cisco Data Center Network Manager getSanZoneList SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8 | AI score 4.3 | EPSS 0.24346
Exploits 10 | References 1

OSV
added 2019/11/26 9:20 a.m. | 13 views

SUSE-SU-2019:3067-1 Security update for squid

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). -...

CVSS 9.8 | AI score 8.7 | EPSS 0.44133
Exploits 1 | References 14

OSV
added 2019/11/21 1:25 p.m. | 6 views

OPENSUSE-SU-2019:2540-1 Security update for squid

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). -...

CVSS 9.8 | AI score 7.9 | EPSS 0.54551
Exploits 1 | References 24

CNVD
added 2019/11/13 12:0 a.m. | 1 views

Squid Cross-Site Request Forgery Vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A cross-site request forgery vulnerability exists in the HTTP request processing in Squid, which arises from a WEB...

CVSS 6.1 | AI score 6.7 | EPSS 0.04214
Exploits 0 | References 1

BDU FSTEC
added 2019/10/01 12:0 a.m. | 1 views

The vulnerability of the ASP.NET Core software platform, related to errors in handling web requests, allows attackers to escalate their privileges and execute cross-site scripting attacks.

The vulnerability of the ASP.NET Core software platform is related to errors in processing web requests using templates. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and carry out a cross-site scripting attack by sending an email containing a malicious lin...

CVSS 10 | AI score 5.2 | EPSS 0.09908
Exploits 0 | References 2 | Affected Software 1

CISA
added 2019/09/05 12:0 a.m. | 9 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...

AI score 7.2
Exploits 0 | References 7

Cisco
added 2019/09/04 4:0 p.m. | 96 views

Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

CVSS 5.3 | AI score 1.6 | EPSS 0.00514
Exploits 0 | References 1

Amazon
added 2019/08/07 12:0 a.m. | 38 views

Low: mod_http2

Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...

CVSS 5.3 | AI score 6.8 | EPSS 0.08584
Exploits 0

BDU FSTEC
added 2019/08/02 12:0 a.m. | 0 views

The vulnerability of Web servers Embedthis GoAhead and Embedthis Appweb, related to POST HTTP request processing errors, allows attackers to trigger a service failure.

The vulnerability of Embedthis GoAhead and Embedthis Appweb web servers is related to HTTP request processing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 | AI score 5.5 | EPSS 0.00587
Exploits 1 | References 3 | Affected Software 3

BDU FSTEC
added 2019/07/25 12:0 a.m. | 0 views

The vulnerability of the Windows operating system’s DNS server, related to errors in processing DNS requests, allows a perpetrator to cause a service failure.

The vulnerability of the Windows operating system’s DNS server is related to errors in processing DNS requests. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted request...

CVSS 7.8 | AI score 5.5 | EPSS 0.0859
Exploits 0 | References 5

BDU FSTEC
added 2019/06/14 12:0 a.m. | 0 views

The vulnerability of the ASP.NET Core software platform, related to errors in request processing, allows a hacker to cause a service failure.

The vulnerability of the ASP.NET Core software platform is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests to the ASP.NET Core application...

CVSS 7.8 | AI score 5.5 | EPSS 0.07927
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2019/05/02 6:37 a.m. | 28 views

Denial Of Service (DoS)

Microsoft .NET Framework is vulnerable to denial of service (DoS) attacks. A remote user could send specially crafted requests to the target .NET web application to trigger a request processing error in the Microsoft Common Object Runtime Library and cause denial of service conditions which leads...

CVSS 7.5 | AI score 8 | EPSS 0.27092
Exploits 0 | References 10 | Affected Software 3

CNVD
added 2019/04/10 12:0 a.m. | 2 views

Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-13859)

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A denial of service vulnerability exists in Microsoft ASP.NET Core...

CVSS 7.5 | AI score 6.5 | EPSS 0.09283
Exploits 0 | References 1

BDU FSTEC
added 2019/02/05 12:0 a.m. | 0 views

The vulnerability of the Ruby library for handling web resources, Sprockets, related to request processing errors, allows a hacker to gain unauthorized access to information.

The vulnerability of the Ruby library for handling web resources, Sprockets, is related to request processing errors. Exploiting this vulnerability allows an attacker to remotely access files located outside of the application’s root directory and gain unauthorized access to protected information...

CVSS 7.5 | AI score 7.1 | EPSS 0.93887
Exploits 2 | References 4 | Affected Software 1

RedHat Linux
added 2018/12/12 2:16 p.m. | 2 views

jenkins: Failures to process form submission data could result in secrets being displayed or written to logs

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 5

Hacker One
added 2018/11/20 4:48 a.m. | 17 views

HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████

HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remoteuser is placed between the...

AI score 7
Exploits 0