21 matches found
EUVD-2012-2550
Malware in sbrugna...
EUVD-2012-2551
Malware in sbrugna...
EUVD-2012-3321
Malware in sbrugna...
CVE-2012-2565
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
CVE-2012-2564
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions...
CVE-2012-2566
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted...
CVE-2012-2563
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web scrip...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web scrip...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different...
CVE-2012-2564
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions...
CVE-2012-3343
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different...
CVE-2012-2563
CVE-2012-2563 refers to multiple XSS vulnerabilities in Bloxx Web Filtering prior to 5.0.14, including Persistent XSS in Bloxx Reports and in various administrative menu functions. The associated CVE also covers related issues (CVE-2012-2564 CSRF, CVE-2012-2565/2566 related risks) described in th...
CVE-2012-3343
CVE-2012-3343 describes a CSRF vulnerability in Microdasys prior to 3.5.1-B708, used in Bloxx Web Filtering prior to 5.0.14 and other products. The issue allows remote attackers to hijack the authentication of arbitrary users by triggering requests that lead to error pages containing XSS sequence...
CVE-2012-2564
Bloxx Web Filtering before 5.0.14 is affected by multiple CSRF vulnerabilities in the administrative interface that allow remote attackers to hijack authentication and perform administrative actions. The underlying issue is Cross-Site Request Forgery in the admin UI, with potential for informatio...
CVE-2012-2566
CVE-2012-2566 concerns Bloxx Web Filtering prior to 5.0.14. The issue is that the product does not correctly interpret the X-Forwarded-For header during HTTPS access-control and logging, which can allow an unauthenticated user to bypass IP/domain restrictions and produce misleading logs. The entr...
CVE-2012-2566
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted...
CVE-2012-2563
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web scrip...
CVE-2012-2565
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
CVE-2012-2565
CVE-2012-2565 affects Bloxx Web Filtering before 5.0.14. The issue is that password hashes are computed without a salt, enabling context-dependent attackers to recover cleartext passwords via rainbow tables. Impact, if exploited, includes potential password compromise for administrator credential...