4774 matches found
Open-Xchange AppSuite Cross-Site Scripting Vulnerability (CNVD-2016-09993)
Open-Xchange AppSuite (OX AppSuite) is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-Xchange AppSuite due to a failu...
Microsoft Exchange Server CVE-2016-3379 Cross Site Scripting Vulnerability
Description: Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...
IBM WebSphere Portal XSS Vulnerability
IBM WebSphere Portal is prone to a cross-site scripting vulnerability.
OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...
Microsoft Internet Explorer CVE-2016-3245 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the us...
ManageEngine ADSelfService Plus < 5.3 Build 5313 PasswordSelfServiceAPI XSS
The ManageEngine ADSelfService Plus application running on the remote host is affected by a cross-site scripting (XSS) vulnerability in PasswordSelfServiceAPI due to improper sanitization of user-supplied input to the 'PSSOPERATION' parameter. An unauthenticated, remote attacker can exploit this, v...
Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)
According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery (XSRF), default authentication credentials, information disclosure, and...
Microsoft Internet Explorer XSS Filter CVE-2016-3212 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. They can then execute arbitrary script code in the context of th...
CVE-2016-4527
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2016-4527
CVE-2016-4527 affects ABB PCM600. PTSecurity reports insecure password storage: PCM600 authentication accounts are stored as ASCII hex in manual program DB files, enabling a local attacker with access to PCM600 to obtain credentials. The vulnerability stems from how credentials are stored and is ...
VMware vRealize Operations Manager 6.x Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)
The remote VMware vRealize Operations Manager (vROps) 6.x host is affected by a remote code execution vulnerability in the Oracle JRE JMX component due to a flaw related to the deserialization of authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary...
VMware product updates address critical and important security issues
a. Critical JMX issue when deserializing authentication credentials...
Microsoft Internet Explorer CVE-2016-0188 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the us...
CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities
CANDID is prone to SQL injection and cross-site scripting vulnerabilities.