httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2017:0906 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20170412)

Security Fixes : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

WordPress Spider Event Calendar 1.5.51 Plugin - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...

WordPress Spider Event Calendar 1.5.51 Blind SQL Injection

============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...

Unnamed Vulnerability in Apple iOS/tvOS/macOS/watchOS HTTPProtocol Component

iOS is a mobile operating system developed by Apple Inc. First announced at the Macworld conference on January 9, 2007, it was originally designed for use with the iPhone, and has since been applied to the iPod touch, iPad, and Apple TV. tvOS is an Apple-developed system based on iOS. tvOS is the...

DEBIAN-CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

HTTP Protocol Remote Code Execution

A remote code execution vulnerability exists in HTTP protocol. By sending a request containing a specially crafted EXE file, a remote attacker can exploit this vulnerability in order to execute arbitrary code on the effected system...

Design/Logic Flaw

An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials...

CVE-2016-5786

An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials...

CVE-2016-5786

An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials...

CVE-2016-5786

CVE-2016-5786 affects OmniMetrix OmniView (Version 1.2). The vulnerability arises because the OmniView web application transmits credentials using HTTP (cleartext), enabling network-level interception and potential credential compromise. The issue is categorized under cleartext transmission of se...

About the security content of Safari 10 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Oracle FLEXCUBE Private Banking Security Bypass Vulnerability (CNVD-2017-00790)

Oracle FLEXCUBE Private Banking is a product of Oracle Corporation USA. It plans, records, tracks and manages client wealth across a range of asset classes and tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...

Oracle FLEXCUBE Private Banking Security Bypass Vulnerability (CNVD-2017-00792)

Oracle FLEXCUBE Private Banking is a product of Oracle Corporation USA. It plans, records, tracks and manages client wealth across a range of asset classes and tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...

Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00946)

Oracle FLEXCUBE Universal Banking is the United States Oracle Oracle company's set of real-time, online coverage of retail, group, investment banking, a comprehensive solution. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...

Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00950)

Oracle FLEXCUBE Universal Banking is the United States Oracle Oracle company's set of real-time, online coverage of retail, group, investment banking, a comprehensive solution. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...

Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00939)

Oracle FLEXCUBE Universal Banking is the United States Oracle Oracle company's set of real-time, online coverage of retail, group, investment banking, a comprehensive solution. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...

Oracle E-Business Suite Remote Vulnerability (CNVD-2017-00964)

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. Oracle Universal Work Queue is one of the universal work queue component. A remote vulnerability exists in the Oracle Universal Work Queue component o...

Oracle E-Business Suite Remote Vulnerability (CNVD-2017-00963)

Oracle E-Business Suite E-Business Suite is a fully integrated suite of global business management software from Oracle Corporation, of which Oracle Advanced Outbound Telephony is a component that improves the efficiency of customer interaction calls. A remote vulnerability exists in the Oracle...

Oracle E-Business Suite Remote Vulnerability (CNVD-2017-00966)

Oracle E-Business Suite E-Business Suite is a fully integrated suite of global business management software from Oracle Corporation, of which Oracle One-to-One Fulfillment is a component that sends information, letters and statements to customers. A remote vulnerability exists in the Oracle...