2244 matches found
TYPO3 Formhandler Extension Cross-Site Scripting Vulnerability
TYPO3 is a Swiss TYPO3 Association maintains a free and open source content management system framework CMS/CMF. formhandler is one of the Web development form Form module extension plug-in . A cross-site scripting vulnerability exists in versions 2.3.1 and 2.0.2 of the TYPO3 Formhandler extensio...
NetApp Snap Creator Framework Clickjacking Vulnerability
NetApp Snap Creator Framework is the United States NetApp company's set of integrated NetApp functionality plug-ins and popular third-party applications framework. A clickjacking vulnerability exists in NetApp Snap Creator Framework version 4.3P1, which can be exploited by an attacker to compromi...
Apple iOS and OS X kernel denial of service vulnerability
Apple iOS and OS X are both products of the American Apple company. The former is an operating system developed for mobile devices and the latter is a specialized operating system developed for Mac computers. kernel is one of the kernel components. A security vulnerability exists in the kernel of...
Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-01842)
Apple iOS is the operating system used by Apple for a number of smart devices. WebKit is a set of open-source web browser engines developed by KDE, Apple, Google and other companies, and is currently used by browsers such as Apple Safari and Google Chrome. Versions of iOS prior to 9.3 have a...
Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-01843)
Apple iOS is the operating system used by Apple for a number of smart devices. WebKit is a set of open-source web browser engines developed by KDE, Apple, Google and other companies, and is currently used by browsers such as Apple Safari and Google Chrome. Versions of iOS prior to 9.3 and Safari...
Apple iOS Profiles Spoofing Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of Profiles before iOS 9.3 where certificates are not properly validated, and attackers can spoof this with...
Apple iOS IOHIDFamily Memory Corruption Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A memory corruption security vulnerability exists in the IOHIDFamily implementation in versions prior to iOS 9.3, which allows attackers to exploit the...
Apple iOS AppleUSBNetworking Memory Corruption Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of AppleUSBNetworking in versions prior to iOS 9.3, due to a failure to authenticate data from USB devices...
DEBIAN-CVE-2016-1977
The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
Cisco ACE 4710 Application Control Engine is the United States Cisco Cisco a set of ACE application switch series and used to increase the security and stability of data center applications load balancing and application delivery solutions. A command injection vulnerability exists in the Cisco AC...
CVE-2016-1149
Cross-site scripting XSS vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150...
CVE-2016-0405
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability...
VulnCheck KEV: CVE-2015-7756
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b,...
Cyrus IMAP index_urlfetch Information Disclosure Vulnerability
Cyrus IMAP Server is an e-mail server developed at Carnegie Mellon University. A security vulnerability exists in the function indexurlfetch in Cyrus IMAP versions 2.3.x-2.3.19, 2.4.x-2.4.18, 2.5.x-2.5.4 index.c. A remote attacker can exploit this vulnerability to obtain sensitive information by...
UBUNTU-CVE-2015-5804
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and...
WordPress GD bbPress Attachments plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...
WordPress GD bbPress Attachments Plugin Directory Traversal Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...
WordPress wp-powerplaygallery plugin 'upload.php' has multiple SQL injection vulnerabilities
WordPress is a blogging platform developed using the PHP language. WordPress wp-powerplaygallery plugin version 3.3 and earlier, there are multiple sql injection vulnerabilities in the implementation of upload.php, which can be exploited by an attacker to access or modify data, etc...
GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)
GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...
The vulnerability of the Gentoo Linux operating system, which allows a malicious intruder to compromise the accessibility of protected information
The vulnerability of the openssh package up to version 4.3p2-r5 of the Gentoo Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...