sonoworld.com XSS vulnerability
Vulnerable URL: https://www.sonoworld.com/Client/SearchResults.aspx?SearchString=fetal heart'"--!...
cpotools.com XSS vulnerability
Vulnerable URL: http://www.cpotools.com/on/demandware.store/Sites-Bosch-Site/default/Search-Show?q=tools'"--!...
brooksrunning.com XSS vulnerability
Vulnerable URL: http://www.brooksrunning.com/enus/search?q=beast'"--!...
ucsf.edu XSS vulnerability
Vulnerable URL: http://www.ucsf.edu/search?search=alert/OPENBUGBOUNTY/...
echobridgeac.com XSS vulnerability
Vulnerable URL: http://www.echobridgeac.com/search.php?keyword=sd=homeent...
CVE-2016-7966
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...
ljudfokus.se XSS vulnerability
Vulnerable URL: http://www.ljudfokus.se/showseek.php?searchstring=...
CVE-2016-7868
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...
CVE-2016-7868
Adobe Flash Player suffers a buffer overflow/underflow in the RegExp class related to alternation, affecting versions 23.0.0.207 and earlier and 11.2.202.644 and earlier. Successful exploitation could lead to arbitrary code execution. Remediation: upgrade to version 24.0.0.186 or newer as the fix...
Splunk Enterprise SSRF Vulnerability (SP-CAAAPSR)
Splunk Enterprise is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Design/Logic Flaw
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...
CVE-2016-7873
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution...
[SECURITY] Fedora 24 Update: php-simplesamlphp-saml2-2.3.3-1.fc24
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ [2]...
[SECURITY] Fedora 24 Update: php-simplesamlphp-saml2_1-1.10.3-1.fc24
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML21/autoload.php [1] https://www.simplesamlphp.org/ [2]...
PT-2016-2960 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier; Adobe Flash Player versions 11.2.202.644 and earlier. Description: The issue is caused by a buffer boundary violation in the RegExp class of the Flash Player platform. Exploitation of this iss...
ALPINE-CVE-2016-9864
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
CVE-2016-9853
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
CVE-2016-9852
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...