CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

Default credentials

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

CVE-2018-11554

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

Overview CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". Description Speculative execution is a technique used by many modern processors to improve performance by...

License count is incorrect on XMS console

We see consumed licenses on XMS console under Licensing tab is more while the total number of enrolled devices is less pulled a report from XM. The license file has been re-read on the licensing server and there is no change...

CVE-2014-9951

In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist...

Design/Logic Flaw

In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist...

Harvest: Client can redirect payment, causing payment discrepancy between Harvest and PayPal

Vulnerability details When a client views an invoice through the web interface, it'll show a "Pay with PayPal" button when a standard PayPal integration has been enabled. Clicking this button will submit a POST request to PayPal. This request contains a business parameter, which is the receiver o...

CVE-2016-9129

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such...

CVE-2016-9129

CVE-2016-9129 affects Revive Adserver before 3.2.3. The issue is an information disclosure vulnerability where an attacker can determine whether an email address is associated with one or more user accounts by inspecting the password recovery message. This leaks partial confidentiality but cannot...

Job Fails with "Retrieved less bytes from the storage [0] than required"

Challenge A Backup or Backup Copy job fails with the error: Retrieved less bytes from the storage 0 than required Symptoms The point may or may not actually be present on the repository when you browse the storage itself. However, the key issue is that the point shows up as 0 B / Incomplete under...

Threat Outbreak Alert RuleID27478: Email Messages Distributing Malicious Software on January 27, 2017

Medium Alert ID: 52458 First Published: 2017 January 27 21:31 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27478 may contain the following files: Name |...

Threat Outbreak Alert RuleID19516: Email Messages Distributing Malicious Software on November 20, 2015

Medium Alert ID: 42195 First Published: 2015 November 20 15:33 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19516 may contain the following files: Name |...

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

SAP Router - Timing Attack Password Disclosure

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...

Cerberus FTP Server SFTP Username Enumeration

This module uses a dictionary to brute force valid usernames from Cerberus FTP server via SFTP. This issue affects all versions of the software older than 6.0.9.0 or 7.0.0.2 and is caused by a discrepancy in the way the SSH service handles failed logins for valid and invalid users. This issue was...

SAP Router Password Timing Attack

Advisory ID Internal CORE-2014-0003 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-router-password-timing-attack Date published: 2014-04-15 Date of last update: 2014-03-06 Vendors...

CVE-2014-0411

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...