9889 matches found
Cisco Identity Services Engine Unauthorized Access Vulnerability
Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. The vulnerability occurs because specific...
SAP Hostcontrol remote DOS
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
IBM Mashups Center Denial of Service Vulnerability
IBM Mashups Center is a suite of platforms for business and IT people to create, publish, modify and share Web applications from IBM in the United States. A denial of service vulnerability exists in IBM Mashups Center. An attacker can exploit this vulnerability to consume CPU resources and cause ...
qemu -- denial of service vulnerability in USB EHCI emulation support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interfaceEHCI and a respective device driver. These two communicate via a isochronous...
OpenMRS 2.3 (1.11.4) - 文件泄漏漏洞
No description provided by source. OpenMRS 2.3 1.11.4 Local File Disclosure Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary...
Waldo - Multithreaded Directory and Subdomain Bruteforcer
Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target. Key Features Quickly and easily generate a list of all subdomains of target domain Discover hidden...
Directory traversal
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...
Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability
A vulnerability in TCP connection handling by Cisco Virtual Topology System VTS devices could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service DoS condition due to high CPU and memory utilization. The vulnerability is due to a lack of rate limiting in t...
net-snmp security and bug fix update
1:5.7.2-24 - Fixed lmSensorsTable not reporting sensors with duplicate names 1252053 - Fixed close overhead of extend commands 1252048 - Fixed out-of-bounds write in python code 1252034 1:5.7.2-23 - Fixed parsing of invalid variables in incoming packets 1248414 - Fixed...
Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to circumvent existing access restrictions
The vulnerability of Firefox and Firefox ESR browsers is related to the improper use of shared resources between different sources. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions by avoiding the check-step during requests...
Moderate: Red Hat Security Advisory: file security and bug fix update
Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
QEMU hw/virtio/virtio.c Denial of Service Vulnerability
QEMU is an open source emulator software. With virtio-net support enabled in QEMU, a security vulnerability in the hw/virtio/virtio.c handling could allow a remote attacker to exhaust client network resources, resulting in a denial of service...
How to Add SQL Database Connections to XenMobile Server
This article describes how to add / increase additional SQL database connections from XenMobile. By default XenMobile Server 10.x has 50 database connections to SQL database. Note: Please be sure that your SQL Server has enough resources RAM & CPU to handle the additional load on the server prior...
Shopify: SVG parser loads external resources on image upload
Uploading SVG that include will cause the server side parser to try to fetch external resources. I've tested in two ways. Creating an svg with an external loaded public google image that was rendered perfectly. Also tested a private server with nc and created an svg that uses xlink for private ur...
CVE-2007-1581
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...
CVE-2011-0528
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors...
Unspecified Vulnerability in Oracle PeopleSoft Products (CNVD-2015-06956)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle. An unspecified vulnerability exists in Oracle PeopleSoft Products 9.2. It allows a remote, authenticated user to affect confidentiality via vector fin resources related to management security...
The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code or trigger a service failure.
The vulnerability of the WorkerPrivate::NotifyFeatures function in the Firefox browser is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure due to errors in the implementation ...