82 matches found
MINI-5236-V33J-GR9H
Bulletin has no description...
MINI-483F-5236-C5H8
Bulletin has no description...
CVE-2023-5236 vulnerabilities
Vulnerabilities for packages: infinispan...
WordPress NinjaTeam Chat for Telegram plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions <= 1.1...
CVE-2011-5236
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Linux Distros Unpatched Vulnerability : CVE-2015-5236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the...
RHEL 6 : icedtea-web (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - icedtea-web: SOP checks based on codebase and not applet origin (CVE-2015-5236) Note that Nessus has not tested for...
RHEL 7 : icedtea-web (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - icedtea-web: SOP checks based on codebase and not applet origin (CVE-2015-5236) Note that Nessus has not tested for...
CVE-2024-5236
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...
CVE-2024-5236 Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...
CVE-2023-5236
creationtimestamp | type | source
---|---|---
2023-12-20 15:43:13+00:00 | seen | https://t.me/arpsyndicate/2044...
Rocky Linux 8 : postgresql:13 (RLSA-2021:5236)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5236 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...
Ubuntu 16.04 ESM : pngcrush vulnerability (USN-5236-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5236-1 advisory. Brian Carpenter discovered that pngcrush incorrectly handled specially crafted file. An attacker could possibly use this issue to cause a denial of service. Tenab...
K55922302: XSS in F5 WebSafe Dashboard vulnerability CVE-2016-5236
Security Advisory Description: Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. (CVE-2016-5236) Impact: An attacker with a privileged account may be able to inje...
CVE-2015-5236
creationtimestamp | type | source
---|---|---
2022-07-07 20:18:21+00:00 | seen | https://t.me/cibsecurity/45754...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
DEBIAN-CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
UBUNTU-CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
The CVE-2015-5236 entry concerns IcedTea-Web, where the codebase attribute of the HTML tag used in the SOP check is not required to match the applet’s actual origin. This could allow a malicious site to bypass Same Origin Policy by spoofing the codebase value. Public documentation provided refer...