JVN#61317238: ETX-R vulnerable to cross-site request forgery

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workarounds may mitigate the...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3572)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3572 advisory. 2.6.39-400.280.1 - Fix cpu bootup stall with large cpu count Zhenzhong Duan Orabug: 23481040 - megaraidsas : Update threshold based reply post host index...

Ubiquiti airOS - Arbitrary File Upload (Metasploit)

Exploit for unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth fi...

ICA Session Gets Disconnected When the Web Session Times Out

ICA session gets disconnected when the web session times out...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3554)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3554 advisory. kernel-uek 4.1.12-37.2.2 - sctp: Prevent soft lockup when sctpaccept is called during a timeout event Karl Heiss Orabug: 23222731 CVE-2015-8767 Tenable has...

CVE-2016-2094

The HTTPS NIO Connector allows remote attackers to cause a denial of service thread consumption by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...

CVE-2016-2094

The HTTPS NIO Connector allows remote attackers to cause a denial of service thread consumption by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...

Design/Logic Flaw

The HTTPS NIO Connector allows remote attackers to cause a denial of service thread consumption by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...

CVE-2016-2094

The vulnerability CVE-2016-2094 affects Tomcat’s HTTPS NIO Connector, where a remote attacker can cause a denial of service by opening a socket and not sending an SSL handshake, triggering a read-timeout and thread consumption. The provided documents describe the vulnerability and impact but do n...

CVE-2016-2094

The HTTPS NIO Connector allows remote attackers to cause a denial of service thread consumption by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...

Unbreakable Enterprise kernel security update

2.6.39-400.278.2 - sctp: Prevent soft lockup when sctpaccept is called during a timeout event Karl Heiss Orabug: 23222773 CVE-2015-8767...

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctpaccept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

OpenSSH < 6.9 Multiple Vulnerabilities

Binary data 9308.prm...

Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)

Exploit for java platform in category web applications Exploit Title: Symantec Brightmail ldap credential Grabber Date: 18/04/2016 Exploit Author: Fakhir Karim Reda Vendor Homepage:...

Changme - A Default Credential Scanner

Changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are stored in yaml files so they can be both easily read by humans and processed by changeme. Credential files can be created by...

Foxit Reader < 7.3.4 Multiple Vulnerabilities

The version of Foxit Reader installed on the remote Windows host is prior to 7.3.4. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists that is triggered when handling FlateDecode streams. An unauthenticated, remote attacker can exploit this, via a crafted PDF...

EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client

A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...

EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client

A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...

EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client

A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...

EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client

A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...