Novell GroupWise HTML Injection Vulnerability
Novell GroupWise is a cross-platform collaboration software. An HTML injection vulnerability exists in Novell GroupWise 2014 SP1, 2014 R2 SP1, and 2014 versions, which stems from the program failing to adequately filter user-submitted input. An attacker could be allowed to exploit the vulnerabili...
Foreman HTML Injection Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...
PHP SPL Extended Integer Overflow Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. SPL (Standard PHP Library) is a collection of interfaces and class extensions for solving typical problems. SPL (Standard PHP Library) is an extensio...
PHP Gettext Remote Code Execution Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++, etc. Gettext is one of the...
spacewalk-java: Multiple XSS flaws
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data...
UBUNTU-CVE-2016-5137
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs,...
PHP Remote Code Execution Vulnerability (CNVD-2016-05253)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A remote code execution vulnerability exists in versions of PHP prior to 5.5.36. An attacker could exploit this...
Multiple Vulnerabilities in Digitalstrom Konfigurator
The Digitalstrom Konfigurator is a smart home device from the Swiss company Digitalstrom. HTML injection vulnerabilities and cross-site scripting vulnerabilities exist in Digitalstrom Konfigurator. These vulnerabilities can be exploited by remote attackers to perform unauthorized actions, execute...
PHP suffers from httpoxy remote proxy infection vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple w...
A vulnerability in the SPSS Statistics data analysis system allows an attacker to execute arbitrary code on 32-bit platforms.
The vulnerability of the ActiveX component of SPSS Statistics is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on 32-bit platforms using a specially crafted HTML document...
A vulnerability in the firmware of Siemens Simatic S7-1200 programmable logic controllers allows an attacker to inject HTML headers.
The software of the programmable logic controller Simatic S7-1200 contains a vulnerability that allows a malicious individual to inject an HTML header into the device’s web server...
A vulnerability in the Cisco Wireless LAN Controller 4100 software allows access restrictions to be circumvented.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to the widespread use of the Aironet IOS software. This leads to a state where the controller acts as an administrative HTTP server. Exploiting this vulnerability allows malicious actors to bypass access restrictions by...
A vulnerability in SIMATIC WinCC, an automated system for managing technological processes, allows a remote attacker to gain unauthorized access to confidential information.
A vulnerability in Siemens SIMATIC WinCC software exists, related to an error that occurs when processing a specially crafted HTTP packet. Exploiting this vulnerability allows a malicious individual to gain access to confidential information by sending a specially crafted HTTP request to ports...
CVE-2016-5306
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
DEBIAN-CVE-2016-5301
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast...
Multiple Huawei OceanStor Products Transmitting Token in Plaintext Vulnerability
Huawei OceanStor 5300 and others are storage products from Huawei, a Chinese company. A security vulnerability exists in multiple Huawei OceanStor products, which originates from a program sending session tokens in plaintext in HTTP headers. A remote attacker could exploit the vulnerability by...
PHP 'wddx_deserialize' function double release vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's wddx_deserialize function, which can be exploited by a remote attacker to execute arbitrary code...
PHP '_php_mb_regex_ereg_replace_exec' function double release vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's _php_mb_regex_ereg_replace_exec function, which can be exploited by an...
UBUNTU-CVE-2016-5771
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...
The vulnerability of the PHP interpreter allows attackers to cause errors in the application’s operation.
The vulnerability of the PHP format printer component is related to the repeated release of memory. Exploiting this vulnerability can allow a remote attacker to cause an error in the application’s operation...