Lucene search
+L

2292 matches found

cve
cve
added 2015/05/30 7:0 p.m.47 views

CVE-2015-2855

CVE-2015-2855 affects Blue Coat SSL Visibility Appliance WebUI on SV800/SV1800/SV2800/SV3800 (3.6.x–3.8.x before 3.8.4). The issue is that the administrator cookie in HTTPS sessions does not set the Secure flag, allowing an attacker to capture the cookie by intercepting its transmission in an HTT...

4.3CVSS6.5AI score0.01451EPSS
Exploits0References3Affected Software1
cve
cve
added 2015/05/30 7:0 p.m.55 views

CVE-2015-2854

The CVE-2015-2854 entry concerns Blue Coat SSL Visibility Appliance WebUI (SV800, SV1800, SV2800, SV3800) versions 3.6.x–3.8.3. The root cause is improper X-Frame-Options handling in the WebUI, failing to enforce same-origin policy and enabling clickjacking via crafted IFRAMEs. Impact is remote, ...

4.3CVSS6.7AI score0.01422EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2015/05/30 7:0 p.m.32 views

CVE-2015-4138

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

5.9AI score0.01431EPSS
Exploits0References2
cve
cve
added 2015/05/30 7:0 p.m.50 views

CVE-2015-2853

CVE-2015-2853 is a session-fixation vulnerability in the WebUI of Blue Coat SSL Visibility Appliance (SV800, SV1800, SV2800, SV3800) affecting versions 3.6.x–3.8.x up to 3.8.4. The root cause is that the session ID is set before authentication and is not invalidated or changed after login, enabli...

6.8CVSS6.9AI score0.01539EPSS
Exploits0References3Affected Software1
cve
cve
added 2015/05/30 7:0 p.m.48 views

CVE-2015-2852

Blue Coat SSL Visibility Appliance WebUI (SV800/SV1800/SV2800/SV3800; 3.6.x–3.8.x before 3.8.4) is affected by CVE-2015-2852, a CSRF flaw that lets an attacker hijack an administrator’s session by inducing a logged-in user to trigger a malicious request. Root cause is CSRF in the WebUI component,...

4.3CVSS7.3AI score0.00708EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2015/05/30 7:0 p.m.20 views

CVE-2015-2852

Cross-site request forgery CSRF vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators...

7.1AI score0.00708EPSS
Exploits0References3
cvelist
cvelist
added 2015/05/30 7:0 p.m.27 views

CVE-2015-2853

Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID...

6.6AI score0.01539EPSS
Exploits0References3
symantec
symantec
added 2015/05/29 8:0 a.m.31 views

SA96 : SSL Visibility Appliance Web-based Vulnerabilities

SUMMARY The SSL Visibility Appliance is susceptible to multiple web-based vulnerabilities in the administration console. The console is accessible only through the dedicated administration port. A remote attacker can use these vulnerabilities to obtain administrative access to the SSL Visibility...

6.8CVSS0.6AI score0.01539EPSS
Exploits0Affected Software1
cert
cert
added 2015/05/29 12:0 a.m.34 views

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

Overview Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. Description Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.CWE-352: Cross-Site...

6.8CVSS6.3AI score0.01539EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2015/04/01 10:59 a.m.23 views

CVE-2015-0810

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...

4.3CVSS7.2AI score0.0147EPSS
Exploits0References2
atlassian
atlassian
added 2015/03/15 10:56 p.m.17 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0Affected Software1
atlassian
atlassian
added 2015/03/15 10:56 p.m.34 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0Affected Software1
atlassian
atlassian
added 2015/03/15 10:56 p.m.26 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0
osv
osv
added 2015/02/12 7:58 a.m.10 views

SUSE-SU-2015:0515-1 Security update for gnome-settings-daemon

gnome-settings-daemon was updated to fix a bug and a security issue: Security issue fixed: - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button. Bug fixed: - Do not hide the cursor while there was no mutter running bsc905158...

7.2CVSS6.2AI score0.00473EPSS
Exploits0References4
zdt
zdt
added 2015/01/08 12:0 a.m.56 views

WordPress Shopping Cart 3.0.4 - Unrestricted File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...

6.5CVSS0.4AI score0.51617EPSS
Exploits7
osv
osv
added 2014/11/22 10:54 a.m.68 views

MGASA-2014-0483 Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5CVSS5.9AI score0.02427EPSS
Exploits0References18
nessus
nessus
added 2014/10/10 12:0 a.m.55 views

F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. C Tenable Network Security, Inc. The...

5CVSS6.3AI score0.35584EPSS
Exploits1References3
atlassian
atlassian
added 2014/10/01 2:52 p.m.26 views

Confluence Security Settings not respected by Confluence Questions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...

1.8AI score
Exploits0Affected Software1
atlassian
atlassian
added 2014/10/01 2:52 p.m.18 views

Confluence Security Settings not respected by Confluence Questions

Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site administrators" However, we use the Confluence Questions plugin and if we click there on a Contact and "Contact info", the email is displayed even to anonymous users. As I am on vaccation fo...

1.7AI score
Exploits0Affected Software1
atlassian
atlassian
added 2014/10/01 2:52 p.m.21 views

Confluence Security Settings not respected by Confluence Questions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...

1.8AI score
Exploits0Affected Software1
Rows per page
Query Builder