64 matches found
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...
Insufficient Entropy In Key Generation Algorithm
The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
Cross-Site Scripting in the Management Web Interface
A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...
Cross-Site Scripting in the Management Web Interface
A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...
Tampering of temporary export files in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...
CVE-2016-5673
CVE-2016-5673 affects UltraVNC Repeater prior to 1300, which does not restrict destination IP addresses or TCP ports. This allows a remote attacker to induce the repeater (acting as a proxy) to open connections to arbitrary hosts/ports, e.g., exploiting a :: substring between IP and port. The vul...
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web interface whereby data provided by the user is stored without sanitization. Ref 90635 CVE-2016-2219. This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious...
CVE-2015-5576
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows...
The vulnerability of Google Chrome browser allows a perpetrator to replace data.
The android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java file of the Google Chrome browser contains errors related to improper restriction of URL identifiers when creating pop-up windows. As a result, attackers may be able to replace the data displayed in the pop-up windows...
CVE-2014-0557
CVE-2014-0557 affects Adobe Flash Player (and related AIR components) across Windows, OS X, Linux, and Android/APIs. The vulnerability arises from improper restriction of memory address discovery, enabling bypass of ASLR via unspecified vectors. The CVSS 2.0 base metrics indicate a high-severity,...
CVE-2014-0545
Technical details for CVE-2014-0545 are not publicly available in the provided documents. The connected EUVD entries mention malware and generic memory-leakage contexts without product/version/impact specifics. Monitor for updates.
AIX 5.3 TL 8 : xntpd (IZ68659)
'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...
CVE-2011-4592
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron...
Multiple Cybozu products vulnerable to authentication bypass
Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...
JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...
CVE-2010-0962
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT...
tomcat RemoteFilterValve Information disclosure
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
Cross site request forgery (csrf)
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...