cluthaprint.co.nz XSS vulnerability
Vulnerable URL: https://www.cluthaprint.co.nz/cart.php?id=9=0=8"';--=add

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 28.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 21398161 |
| VIP website status: | No |

Check cluthaprint.co.nz S...
CVE-2017-3518
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Code injection
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2017-3499
CVE-2017-3499 affects Oracle Fusion Middleware’s Oracle Social Network Android Client (prior to 11.1.12.0.0). It is exploitable over HTTPS by an unauthenticated, network-accessing attacker, potentially leading to unauthorized access to confidential Oracle Social Network data. Root cause and speci...
CVE-2017-3499
Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...
Fedora 24 : php-pear-CAS (2017-d9d620366e)
Changes in version 1.3.5

Security Fixes:
- Fix possible authentication bypass in validateCAS20 (#228, Gregory Boddin)

Bug Fixes:
- Fix file permissions non-executable (#177, Remi Collet)
- Fixed translations Greek and Japanese (#192, ikari7789)
- Fix errors under phpdbg (#204, MasonM)
- Fix logout...
Fedora 25 : php-pear-CAS (2017-2a90185a04)
Changes in version 1.3.5

Security Fixes:
- Fix possible authentication bypass in validateCAS20 (#228, Gregory Boddin)

Bug Fixes:
- Fix file permissions non-executable (#177, Remi Collet)
- Fixed translations Greek and Japanese (#192, ikari7789)
- Fix errors under phpdbg (#204, MasonM)
- Fix logout...
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
Design/Logic Flaw
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
Session fixation
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...
oppo.com XSS vulnerability
Vulnerable URL: http://www.oppo.com/my/supports/imei-check/checkimei.php?ino="--!

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 21.09.2017 |
| Latest check for patch: | 21.09.2017 01:13 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 9247 |
| VIP website status: | ...
USN-3262-1: curl vulnerability
It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection...
Bypass of Django's is_safe_url() redirect URL filter function (CVE-2017-7233)
Source: Tongcheng Security Emergency Response Center (YSRC). Author: Nearg1e@YSRC. Foreign security researcher roks0n reported a vulnerability to the Django project. On the is_safe_url function: Django ships the function `django.utils.http.is_safe_url(url, host=None, allowed_hosts=None, require_https=False)`...
Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks
Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack. According to Andrew Reed and Michael Kranch, researchers with the U.S. Military Academy at West Point, it wouldn’t take much work for an attacker to capture traffic...
[SECURITY] Fedora 25 Update: curl-7.51.0-6.fc25
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Design/Logic Flaw
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to...
Improper access control
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...
CVE-2017-6339
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to...