
2867 matches found

NVD
added 2017/11/15 9:29 p.m. | 16 views

CVE-2017-5533

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...

CVSS 9.8 | AI score 9.4 | EPSS 0.01983
Exploits: 0 | References: 6
CVE
added 2017/11/15 9:0 p.m. | 57 views

CVE-2017-5533

CVE-2017-5533 affects TIBCO JasperReports Server family (Server, Community Edition, ActiveMatrix BPM, AWS variants) with a vulnerability in the server content cache that fails to block remote access to web application contents, including configuration files. Affected releases are 6.4.0 across the...

CVSS 9.8 | AI score 9.3 | EPSS 0.01983
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2017/11/15 9:0 p.m. | 19 views

CVE-2017-5533

Removed by vendor...

CVSS 9.8 | AI score 9.3 | EPSS 0.01983
Exploits: 0
Prion
added 2017/11/15 6:29 p.m. | 15 views

Design/Logic Flaw

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript...

CVSS 9 | AI score 6.6 | EPSS 0.01862
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/11/15 6:0 p.m. | 14 views

CVE-2014-3150

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript...

AI score 8.4 | EPSS 0.01862
Exploits: 0 | References: 1
CVE
added 2017/11/15 6:0 p.m. | 40 views

CVE-2014-3150

CVE-2014-3150 affects Livebox 1.1. Remote authenticated attackers can upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript. The connected sources corroborate the vulnerability but do not provide detailed root cause, affected...

CVSS 9 | AI score 8.1 | EPSS 0.01862
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2017/11/10 12:0 a.m. | 33 views

Debian DSA-4030-1 : roundcube - security update

A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files. (C) Tenable Network Security, Inc. The descriptive text and...

CVSS 7.8 | AI score 7.6 | EPSS 0.42831
Exploits: 5 | References: 3
Debian
added 2017/11/09 7:45 p.m. | 30 views

[SECURITY] [DSA 4030-1] roundcube security update

Debian Security Advisory DSA-4030-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 09, 2017 https://www.debian.org/security/faq ...

CVSS 4.6 | AI score 2.1 | EPSS 0.42831
Exploits: 5
UbuntuCve
added 2017/11/09 2:29 p.m. | 37 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 7.8 | AI score 7.2 | EPSS 0.42831
Exploits: 5 | References: 8
Prion
added 2017/11/09 2:29 p.m. | 28 views

Design/Logic Flaw

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 4.6 | AI score 7.2 | EPSS 0.42831
Exploits: 5 | References: 9 | Affected Software: 2
NVD
added 2017/11/09 2:29 p.m. | 18 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 7.8 | AI score 7.3 | EPSS 0.42831
Exploits: 5 | References: 10
OSV
added 2017/11/09 2:29 p.m. | 22 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 7.8 | AI score 7.3 | EPSS 0.42831
Exploits: 5 | References: 10
Cvelist
added 2017/11/09 2:0 p.m. | 31 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

AI score 7.2 | EPSS 0.42831
Exploits: 5 | References: 9
CVE
added 2017/11/09 2:0 p.m. | 1111 views

CVE-2017-16651

CVE-2017-16651 - Roundcube Webmail file disclosure : Authenticated users can read arbitrary files on the host filesystem via the file-based attachment plugin workflow (_task=settings&_action=upload-display&_from=timezone). Affected versions include Roundcube before 1.1.10, 1.2.x before 1.2.7, and...

CVSS 7.8 | AI score 7.2 | EPSS 0.42831
In wild | Exploits: 5 | References: 10 | Affected Software: 1
Debian CVE
added 2017/11/09 2:0 p.m. | 24 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 7.8 | AI score 7.5 | EPSS 0.42831
Exploits: 5
ATTACKERKB
added 2017/11/09 12:0 a.m. | 39 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

CVSS 7.8 | AI score 7.3 | EPSS 0.42831
In wild | Exploits: 5 | References: 10
FreeBSD
added 2017/11/06 12:0 a.m. | 57 views

roundcube -- file disclosure vulnerability

MITRE reports: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target syst...

CVSS 7.8 | AI score 7.4 | EPSS 0.42831
Exploits: 5 | References: 2
Tenable Nessus
added 2017/10/31 12:0 a.m. | 176 views

SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)

This update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. bsc1052830 - Allow ECDH again in modssl, it had been incorrectly disabled with the 2.2.34 update. bsc1064561 Following security issue has...

CVSS 10 | AI score 7.2 | EPSS 0.94999
Exploits: 26 | References: 26
CNVD
added 2017/09/20 12:0 a.m. | 2 views

ZTE ZXR10 1800-2S Path Traversal Vulnerability

The ZTE ZXR10 1800-2S is a router from China's ZTE Corporation (ZTE). A security vulnerability exists in the ZTE ZXR10 1800-2S prior to version 3.00.40, which originates from the program failing to properly restrict unauthorized users' access to resources. The vulnerability can be exploited by an...

CVSS 9.8 | AI score 6.5 | EPSS 0.01081
Exploits: 1 | References: 1
CNVD
added 2017/09/20 12:0 a.m. | 3 views

ZTE ZXR10 1800-2S Improper Access Control Vulnerability

The ZTE ZXR10 1800-2S is a router from ZTE. The ZTE ZXR10 1800-2S fails to properly restrict the range of file download directories for web users, allowing remote attackers to exploit the vulnerability by submitting special requests to download configuration files and steal sensitive information...

CVSS 7.5 | AI score 6.9 | EPSS 0.01287
Exploits: 1 | References: 1