7686 matches found
CVE-2015-5537
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566...
CVE-2015-5537
Technical details about CVE-2015-5537 are not publicly provided in the supplied documents. No product/version/root-cause/impact/fix information is present here. Monitor for updates.
gebeld.nl XSS vulnerability
Vulnerable URL: http://www.gebeld.nl/zoeken.asp?Page=2=3&searchfield1;=plaats&searchfield2;=achternaam&queryfield1;=&queryfield2;="=Zoeken

Details:

Description | Value
---|---
Patched: | Yes, at 25.07.2017
Latest check for patch: | 25.07.2017 13:23 GMT
Vulnerability type: | XSS
Vulnerability status: | ...

alltypesofservices.com XSS vulnerability
Vulnerable URL: http://www.alltypesofservices.com/webpage/1000244/ask.php?q=%27%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 21.08.2015
Latest check for patch: | 21.08.2015 13:03 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly...

New Google Drive Phishing Scam Uncovered
Phishers have again leveraged users’ trust in Google with a newly discovered campaign designed to steal credentials that grant access to the multitude of Google’s online services. New phishing pages hosted on Google Drive were discovered by researcher Aditya K. Sood of Elastica Cloud Threat Labs...
madayp.com XSS vulnerability
Vulnerable URL: http://www.madayp.com/browse-business-cities/char:A"

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 563801
Google Pagerank | 1
VIP website status: | No

Check madayp.c...
CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
Design/Logic Flaw
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
CVE-2015-1288
CVE-2015-1288 affects Google Chrome’s Spellcheck API: the Hunspell dictionary was downloaded without HTTPS, enabling potential MITM manipulation of spelling suggestions. Affected code path: downloading Hunspell dictionaries over plain HTTP. Impact, as stated, includes possible incorrect spelling ...
CVE-2015-1288
Removed by vendor...
Egress-Assess - Tool used to Test Egress Data Detection Capabilities
Egress-Assess is a tool used to test egress data detection capabilities.
Setup
To set up, run the included setup script, or perform the following:
1. Install pyftpdlib
2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the...
sanofi.fr XSS vulnerability
Vulnerable URL: http://www.sanofi.fr/l/fr/fr/search.jsp?Search=asd%22autofocus/onfocus=alert%28%27XSSPOSED%27%29%3E&submitSearch.x;=0&submitSearch.y;=0

Details:

Description | Value
---|---
Patched: | Yes, at 08.08.2015
Latest check for patch: | 08.08.2015 23:56 GMT
Vulnerability type: | XSS...

sammydress.com XSS vulnerability
Vulnerable URL: http://www.sammydress.com/product175"4488.html?i=0000211149

Details:

Description | Value
---|---
Patched: | Yes, at 25.07.2017
Latest check for patch: | 25.07.2017 12:52 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 3492
Google Pagerank | 5

VIP...
SOL16903 - Microsoft Schannel vulnerability CVE-2015-1637
1 BIG-IP Edge Client for Windows uses Schannel.dll directly and indirectly through WinINet for HTTPS communication with Microsoft Windows. F5 recommends that users apply the applicable Microsoft update posted at . This link takes you to a resource outside of AskF5, and the third party could remov...
SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
Refer to the FirePass section of the Vulnerability Recommended Actions section. Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be no...
Sql injection
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter...
CVE-2015-2849
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter...
CVE-2015-2849
Summary (CVE-2015-2849): The ANTlabs InnGate firmware (IG3100, InnGate 3.01 E, 3.10 E, 3.10 M, SG 4, SSG 4) contains a SQL injection vulnerability in the main.ant page. The issue arises from the ppli URL parameter; when using HTTPS, a remote attacker can execute arbitrary SQL commands on the unde...