Lucene search
4774 matches found

RedHat Linux
added 2016/04/21 2:42 p.m., 8 views

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

CVSS 10, AI score 7.3, EPSS 0.92334
Exploits 1, References 6

RedHat Linux
added 2016/04/21 2:42 p.m., 5 views

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

CVSS 10, AI score 7.3, EPSS 0.92334
Exploits 1, References 6

RedHat Linux
added 2016/04/21 1:46 p.m., 4 views

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

CVSS 10, AI score 7.3, EPSS 0.92334
Exploits 1, References 6

Packet Storm
added 2016/04/21 12:00 a.m., 34 views

Exponent CMS 2.3.5 Cross Site Scripting

CVE-2015-8667 - Exponent CMS 2.3.5 Multiple Cross Site Scripting Vulnerabilities. Product: Exponent CMS. CVE: CVE-2015-8667. Author: Sachin Wagh. Affected Version: Exponent CMS 2.3.5. Fixed Version: Exponent CMS 2.3.7...

AI score 6.4, EPSS 0.01223
Exploits 1

RedHat Linux
added 2016/04/20 7:35 p.m., 2 views

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

CVSS 10, AI score 7.3, EPSS 0.92334
Exploits 1, References 6

CNVD
added 2016/03/10 12:00 a.m., 3 views

Cisco Adaptive Security Appliance WebVPN Portal Cross-Site Scripting Vulnerability

Cisco Adaptive Security Appliances (ASA) and Adaptive Security Appliances Software are a set of firewall appliances from Cisco USA. The devices also include an IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam and other features. A cross-site scripting vulnerability exists in the Cisco Adapti...

AI score 6.7
Exploits 0, References 1

FreeBSD
added 2016/02/15 12:00 a.m., 26 views

hadoop2 -- unauthorized disclosure of data vulnerability

Arun Suresh reports: RPC traffic from clients, potentially including authentication credentials, may be intercepted by a malicious user with access to run tasks or containers on a cluster...

CVSS 6.2, AI score 6.4, EPSS 0.00318
Exploits 0, References 1

OpenVAS
added 2015/12/13 12:00 a.m., 158 views

OSSEC Web UI 'searchid' Parameter Cross Site Scripting Vulnerability

OSSEC Web UI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

AI score 7.1
Exploits 0, References 2

Tenable Nessus
added 2015/10/19 12:00 a.m., 19 views

FreeBSD : Salt -- multiple vulnerabilities (3934cc60-f0fa-4eca-be09-c8bd7ae42871)

Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log. Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...

CVSS 9.8, AI score 7.7, EPSS 0.0222
Exploits 0, References 4

OpenVAS
added 2015/10/05 12:00 a.m., 22 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Oct 2015)

Open-Xchange (OX) App Suite is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...

CVSS 4.3, AI score 6.6, EPSS 0.01936
Exploits 1, References 6

RubySec
added 2015/09/17 12:00 a.m., 19 views

devise-two-factor 1.1.0 and earlier vulnerable to replay attacks

An OTP replay vulnerability in devise-two-factor 1.1.0 and earlier allows local attackers to shoulder-surf a user's TOTP verification code and use it to log in after the user has authenticated. By not "burning" a previously used TOTP, devise-two-factor allows a narrow window of opportunity aka the...

CVSS 5.3, AI score 2.6, EPSS 0.01782
Exploits 0, References 1, Affected Software 1

seebug.org
added 2015/09/01 12:00 a.m., 38 views

SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting Vulnerability

CVE-2012-4939: SolarWinds Orion IP Address Manager (IPAM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...

CVSS 4.3, AI score 6.4, EPSS 0.07171
Exploits 2

NVD
added 2015/08/16 11:59 p.m., 15 views

CVE-2015-3754

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

CVSS 4.3, AI score 6.1, EPSS 0.01935
Exploits 0, References 5

OSV
added 2015/08/16 11:59 p.m., 6 views

UBUNTU-CVE-2015-3754

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

CVSS 4.3, AI score 7.2, EPSS 0.01935
Exploits 0, References 4

RedHat Linux
added 2015/06/11 3:54 p.m., 29 views

Moderate: Red Hat Security Advisory: ceph-deploy security update

An updated ceph-deploy package that fixes two security issues is now available for Red Hat Ceph Storage. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...

CVSS 2.1, AI score 5.8, EPSS 0.00383
Exploits 0, References 3

RedHat Linux
added 2015/06/11 3:54 p.m., 1 views

ceph-deploy: keyring permissions are world readable in ~ceph

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

CVSS 2.1, AI score 5.8, EPSS 0.00376
Exploits 0, References 4

CNVD
added 2015/05/26 12:00 a.m., 6 views

WordPress Plugin Landing Pages Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language that supports setting up personal blog sites on PHP and MySQL servers. NewStatPress is a plugin for website access statistics management. A cross-site scripting vulnerability exists in the WordPress plugin Landing Pages. An...

CVSS 3.5, AI score 6.2, EPSS 0.03915
Exploits 6, References 1

Tenable Nessus
added 2015/03/26 12:00 a.m., 20 views

Scientific Linux Security Update : virt-who on SL7.x (noarch) (20150305)

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file. (CVE-2014-0189) The virt-who package has been upgraded to upstre...

CVSS 2.1, AI score 5.4, EPSS 0.00385
Exploits 0, References 2

RedHat Linux
added 2015/03/05 9:52 a.m., 24 views

Moderate: Red Hat Security Advisory: virt-who security, bug fix, and enhancement update

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 2.1, AI score 5.8, EPSS 0.00385
Exploits 0, References 20

OpenVAS
added 2015/02/11 12:00 a.m., 19 views

Fortinet FortiWeb Multiple XSS Vulnerabilities (FG-IR-14-012)

Fortinet FortiWeb is prone to multiple reflective cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE...

CVSS 4.3, AI score 5, EPSS 0.01161
Exploits 0, References 3