GlobaLeaks - The Open-Source Whistleblowing Software
GlobaLeaks is free, open-source software, developed by the Hermes Center for Transparency and Digital Human Rights, intended to enable secure and anonymous whistleblowing initiatives. For the user manual refer to the GlobaLeaks User Manual. For the developer documentation refer to the GlobaLeaks...
Description of the security update for SharePoint Enterprise Server 2016: June 12, 2018
Description of the security update for SharePoint Enterprise Server 2016: June 12, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
WordPress Codestyling Localization plugin multiple cross-site request forgery vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server running PHP and MySQL. Codestyling Localization is a localization and translation plugin. Multiple...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress...
CVE-2015-4179
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress...
CVE-2015-4179
CVE-2015-4179: Multiple CSRF vulnerabilities in WordPress Codestyling Localization plugin versions 1.99.30 and earlier. Affected component: Codestyling Localization plugin for WordPress; root cause is CSRF weaknesses allowing unauthorized actions. Exploitation details are not provided in the supp...
CloudBees Jenkins Translation Assistance Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins is a Java-based continuous integration tool from the U.S. company CloudBees, used mainly to monitor continuous software release and testing projects and scheduled tasks. Translation Assistance Plugin is used to assist in the...
Cross-site request forgery (CSRF)
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator...
SSRF vulnerability in APPCMS admin\download_frame.php file
APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. An SSRF vulnerability exists in the...
SimpleWall - Simple tool to configure Windows Filtering Platform (WFP)
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For...
Unauthorized Access
Apache Hadoop MapReduce is vulnerable to unauthorized access. If a file with world-readable access permissions is localized through YARN's localization mechanism, the file will be stored in a world-readable location that can then be accessed by a malicious user...
CVE-2017-3166
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...
Design/Logic Flaw
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...
CVE-2017-3166
CVE-2017-3166 affects Apache Hadoop: if a file in an encryption zone is world-readable and localized via YARN localization, it can be stored in a world-readable location and shared with any requesting application. Affected Hadoop versions per the document: 2.6.1–2.6.5, 2.7.0–2.7.3, and 3.0.0-alph...
Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070
Commerce Invoices allows you to enter an Invoice number, Company name and Amount and it will generate an Invoice that the client can pay on your site using any payment method supported by Drupal commerce. SQL Injection The module did not properly use Drupal's database API when querying the databa...