4662 matches found
Apache ActiveMQ Web Console Single Click Hijacking Vulnerability
Apache ActiveMQ is a popular messaging and integration model provider . A security vulnerability exists in Apache ActiveMQ 5.0.0 - 5.13.1 due to an unset X-Frame-Options header for HTTP responses in the Web Management Console. This allows attackers to perform unauthorized operations in the consol...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01259)
Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01257)
Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01258)
Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...
PowerDNS Authoritative Server Packet Resolution Error Vulnerability
PowerDNS Authoritative Server provides DNS-related products and services. PowerDNS Authoritative Server versions 3.4.4-3.4.7 fail to properly process carefully constructed query packets and contain a packet parsing security vulnerability that can be exploited by remote attackers to cause a denial...
UBUNTU-CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request...
CA Spectrum Elevation of Privilege Vulnerability
CA Spectrum formerly known as CA Spectrum Infrastructure Manage is a set of converged infrastructure management software developed by CA. The software provides fault management, application performance management and failure cause analysis and other functions. A security vulnerability exists in C...
CVE-2 0 1 5-0 2 0 4 OpenSSL FREAK Attack vulnerability detection methods and repair recommendations-vulnerability warning-the black bar safety net
0×0 1 Introduction Near the Lantern Festival on the occasion, OpenSSL and because of the FREAK attack(also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2 0 1 5-0 2 0 4. the vulnerability fights uproar. Apple and Google are in on Tuesday indicated that they are fixing the...
Symantec NetBackup OpsCenter Arbitrary Code Execution Vulnerability
Symantec NetBackup OpsCenter is a unified data protection management software from Symantec Symantec. The software allows centralized monitoring and reporting of the operational status of heterogeneous data protection environments through a console. A security vulnerability exists in Symantec...
DEBIAN-CVE-2014-9620
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes...
DEBIAN-CVE-2014-4344
The accctxcont function in the SPNEGO acceptor in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty continuation token at a certain point...
UBUNTU-CVE-2014-5177
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virDomainDefineXML, 2 virNetworkCreateXML, 3...
DEBIAN-CVE-2014-0172
Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed compressed debug section in an ELF...
PYSEC-2014-54
Multiple cross-site scripting XSS vulnerabilities in 1 spamProtect.py, 2 pts.py, and 3 request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification CURLOPTSSLVERIFYPEER, also disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM...
UBUNTU-CVE-2013-4435
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
DEBIAN-CVE-2013-5093
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
DEBIAN-CVE-2012-2768
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...