DSA-3486-1 chromium-browser - security update
Bulletin has no description...
LeaseWeb: Apache version disclosed on developer.leaseweb.com
Hi. For URL "http://developer.leaseweb.com/asdfadsf" the Apache version is disclosed in the response header "Server": Connection: keep-alive Content-Encoding: gzip Content-Length: 174 Content-Type: text/html; charset=iso-8859-1 Date: Sat, 20 Feb 2016 05:11:18 GMT Server: Apache/2.4.7 Vary: User-Agent This...
JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability (CWE-89). Impact: Information stored in the database may be obtained or altered by a remote attacker. Solution: Update the plugin. Update to the latest version according to the information provided by the developer...
JVN#71428831: Cybozu Office vulnerable to open redirect
Cybozu Office contains an open redirect vulnerability in network functions. Impact: When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution: Update the Software. Update to the latest version...
Google Chrome Multiple Vulnerabilities (Feb 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...
JVN#69278491: Cybozu Office vulnerable to cross-site scripting
Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the information provided by the developer. Products Affected: Cyboz...
JVN#48720230: Cybozu Office access restriction bypass vulnerability
Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact: A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable. Solution...
Design/Logic Flaw
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...
CVE-2016-1627
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...
CVE-2016-1627
Removed by vendor...
A vulnerability in the OpenJDK application developer's tools allows an attacker to execute arbitrary code.
The vulnerability lies in the .desktop file of the OpenJDK application development kit, which contains a MIME registration that is added to /etc/mailcap. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Scareware Signed with Apple Cert Targets Mac OS X Machines
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. “Sadly, this particular developer certificate...
WordPress Update Fixes SSRF, Open Redirect Vulnerability
Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried...
JVN#12165579: Vine MV vulnerable to cross-site scripting
Vine MV contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the information provided by the developer. Products Affected: Vine MV prior to commit...
JVN#54686544: HOME SPOT CUBE multiple vulnerabilities
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below.

Cross-site scripting - CVE-2016-1136

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3
CVSS v2|...
Use-after-free in NSS during SSL connections in low memory — Mozilla
Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...
Unspecified Vulnerability in Oracle Database XML Developer's Kit for C Component
Oracle Database is a large-scale commercial database. An unspecified security vulnerability exists in the Oracle Database XML Developer's Kit for C component, which could be exploited by remote attackers to conduct denial-of-service attacks...
Telegram (API) - Cross Site Request Forgery Vulnerabilities
Document Title: Telegram API - Cross Site Request Forgery Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1648 Release Date: 2016-01-17. Vulnerability Laboratory ID (VL-ID): ...
Ember.js XSS Vulnerability with User-Supplied JSON
By default, Ember will escape any values in Handlebars templates that use double curlies (`{{value}}`). Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...
[SECURITY] [DLA 383-1] claws-mail security update
Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...