JVN#73182875: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple vulnerabilities listed below. SQL injection (CWE-89) - CVE-2017-2090

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3
CVSS v2| AV:N/AC:L/Au:S/C:P/I:P/A:P|...
DLA-832-1 bitlbee - security update
Bulletin has no description...
DSA-3784-1 viewvc - security update
Bulletin has no description...
DLA-811-1 libplist - security update
Bulletin has no description...
DLA-809-1 tcpdump - security update
Bulletin has no description...
DLA-804-1 libgd2 - security update
Bulletin has no description...
JVN#09460804: Knowledge vulnerable to cross-site request forgery
Knowledge provided by support-project.org is an open-source knowledge base platform. Knowledge contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the...
DLA-795-1 tiff - security update
Bulletin has no description...
PT-2017-03: Buffer Overflow in Checker ATM Security
The specialists of the Positive Research center have detected a Buffer Overflow vulnerability in Checker ATM Security. An attacker able to spoof the control server can cause a buffer overflow and execute arbitrary code. How to fix Update your software up to the latest version Advisory status...
DSA-3743-2 python-bottle - regression update
Bulletin has no description...
DLA-778-1 pcsc-lite - security update
Bulletin has no description...
DSA-3751-1 libgd2 - security update
Bulletin has no description...
DSA-3750-1 libphp-phpmailer - security update
Bulletin has no description...
Cybozu Garoon vulnerable to cross-site request forgery
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability CWE-352. Yasuda Yuya reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
Downloads Resources over HTTP
Overview Affected versions of nodeschnaps insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
Cryptographically Weak PRNG
Overview Affected versions of randomatic generate random values using a cryptographically weak pseudo-random number generator. This may result in predictable values instead of random values as intended. Recommendation Update to version 3.0.0 or later. References - Commit 4a52695 - GitHub Advisory...
SUSE-SU-2016:2670-1 Security update for gd
This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf bsc1005274...
Update Software Latest - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Update Software Latest published at the 'play' market has multiple vulnerabilities...
Usermin cross-site scripting vulnerabilities
Overview Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...
JVN#11288252: Cybozu Office vulnerable to Reflected File Download (RFD)
Cybozu Office contains a Reflected File Download (RFD) vulnerability. Impact If a user accesses a malicious page while logged in, unintended files may be downloaded. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...