5900 matches found

Check Point Advisories
added 2016/05/24 12:0 a.m. | 2 views

Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)

A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...

CVSS 6.5 | AI score 2.5 | EPSS 0.85112
Exploits 7
Check Point Advisories
added 2016/05/23 12:0 a.m. | 2 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

CVSS 8.3 | AI score 1.7 | EPSS 0.80313
Exploits 10
Debian
added 2016/05/21 6:51 p.m. | 43 views

[SECURITY] [DLA 484-1] graphicsmagick security update

Version: 1.3.16-1.1+deb7u1
CVE ID: CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718
Debian Bug: 814732

Several security vulnerabilities were discovered in graphicsmagick, a tool to manipulate image files. GraphicsMagick is a fork of...

CVSS 10 | AI score 8.8 | EPSS 0.93622
Exploits 13
CVE
added 2016/05/20 10:0 a.m. | 65 views

CVE-2016-1801

CVE-2016-1801 affects Apple CFNetwork Proxies in iOS (before 9.3.2), OS X (before 10.11.5), and tvOS (before 9.2.1). The vulnerability is an information leak in the handling of HTTP/HTTPS requests, allowing a privileged network-position attacker to obtain sensitive user data through URL handling....

CVSS 7.5 | AI score 6.7 | EPSS 0.07722
Exploits 0 | References 9 | Affected Software 1
OSV
added 2016/05/16 12:0 a.m. | 44 views

DSA-3580-1 imagemagick - security update

Bulletin has no description...

CVSS 10 | AI score 6.6 | EPSS 0.93622
Exploits 13
Check Point Advisories
added 2016/05/16 12:0 a.m. | 0 views

Oracle GlassFish Server ThemeServlet Directory Traversal

A directory traversal vulnerability exists in Oracle GlassFish Server. The vulnerability is due to insufficient input validation while processing HTTP requests to the /theme/ URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable...

AI score 1.6
Exploits 0
NVD
added 2016/05/14 9:59 p.m. | 13 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS 5.3 | AI score 6.3 | EPSS 0.00682
Exploits 0 | References 12
OSV
added 2016/05/14 9:59 p.m. | 1 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS 5.3 | AI score 6.9 | EPSS 0.00682
Exploits 0 | References 12
Prion
added 2016/05/14 9:59 p.m. | 22 views

Race condition

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS 2.6 | AI score 6.7 | EPSS 0.00682
Exploits 0 | References 12 | Affected Software 3
Debian CVE
added 2016/05/14 9:0 p.m. | 23 views

CVE-2016-1670

Removed by vendor...

CVSS 5.3 | AI score 7.6 | EPSS 0.00682
Exploits 0
CVE
added 2016/05/14 9:0 p.m. | 90 views

CVE-2016-1670

CVE-2016-1670 is a race-condition flaw in Google Chrome (Chromium core) prior to 50.0.2661.102. The issue affects ResourceDispatcherHostImpl::BeginRequest in content/browser/loader/resource_dispatcher_host_impl.cc, where a renderer process could cause the loader to reuse request IDs, enabling a r...

CVSS 5.3 | AI score 6.2 | EPSS 0.00682
Exploits 0 | References 12 | Affected Software 1
Cvelist
added 2016/05/14 9:0 p.m. | 26 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

AI score 6.3 | EPSS 0.00682
Exploits 0 | References 12
UbuntuCve
added 2016/05/13 12:0 a.m. | 23 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS 5.3 | AI score 7 | EPSS 0.00682
Exploits 0 | References 3
RedhatCVE
added 2016/05/12 9:19 a.m. | 22 views

CVE-2016-1670

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

CVSS 2.6 | AI score 5 | EPSS 0.00682
Exploits 0 | References 2
Tenable Nessus
added 2016/05/12 12:0 a.m. | 103 views

Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

CVSS 10 | AI score 6.7 | EPSS 0.93622
Exploits 13 | References 6
CNVD
added 2016/05/06 12:0 a.m. | 3 views

Cisco Finesse Server-Side Request Forgery Vulnerability

Cisco Finesse is a set of call center management software from the U.S. company Cisco. The software enhances call center service quality, improves customer experience, and increases agent satisfaction. A server-side request forgery vulnerability exists in Cisco Finesse, which stems from the...

CVSS 8.6 | AI score 7 | EPSS 0.00235
Exploits 0 | References 1
Check Point Advisories
added 2016/05/04 12:0 a.m. | 3 views

Oracle Application Testing Suite DownloadServlet file Directory Traversal (CVE-2016-0482)

A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with the "file" parameter. A remote unauthenticated attacker can exploit this vulnerability by sendin...

CVSS 5 | AI score 1.9 | EPSS 0.02378
Exploits 0
Check Point Advisories
added 2016/05/04 12:0 a.m. | 3 views

Oracle Application Testing Suite DownloadServlet scriptPath Directory Traversal (CVE-2016-0484)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scriptPath. A remote, unauthenticated attacker can exploit this vulnerability by...

CVSS 5 | AI score 1.2 | EPSS 0.02378
Exploits 0
OpenVAS
added 2016/05/04 12:0 a.m. | 26 views

Cisco IOS Software SSL VPN Denial of Service Vulnerability (cisco-sa-20140326-ios-sslvpn)

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

CVSS 7.8 | AI score 7.7 | EPSS 0.00512
Exploits 1 | References 1
Check Point Advisories
added 2016/05/04 12:0 a.m. | 2 views

Oracle ATS DownloadServlet scriptName Directory Traversal (CVE-2016-0478)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI with parameter scriptName. A remote unauthenticated attacker can exploit this vulnerability by...

CVSS 5 | AI score 1.5 | EPSS 0.02771
Exploits 0