WordPress Depicter plugin cross-site request forgery vulnerability

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938)

Summary Websphere liberty Profile is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4938 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof a servlet. An attacker could exploit this...

CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

Design/Logic Flaw

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...

Microsoft Windows DNS Client Service Response Spoofing Vulnerability

Description Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs. Successfully exploiting this issue allows remote attackers t...