4410 matches found
CVE-2017-14419
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also...
UBUNTU-CVE-2015-5168
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206...
UBUNTU-CVE-2015-5206
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168...
PT-2017-13463 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1; D-Link DIR-850L REV. B versions through FW208WWb02. Description: The issue concerns the D-Link NPAPI extension used in D-Link DIR-850L devices, which participates in mydlink Cloud...
Centreon Cross-Site Scripting Vulnerability
Centreon (formerly known as Merethis Centreon) is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A cross-site scripting...
Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler AG, Germany. A cross-site scripting vulnerability exists in versions prior to Paessler PRTG Network Monitor 17.2.32.2279. A remote attacker can exploit this vulnerability to inject arbitrary...
evilvte: User-assisted execution of arbitrary code
Background: VTE based, highly customizable terminal emulator. Description: Steve Kemp of Debian identified a flaw in evilvte which does not properly validate hypertext links. Please review the Debian bug report referenced below. Impact: Remote attackers could execute arbitrary code by enticing a user...
CVE-2016-6029
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the...
Oracle PeopleSoft Enterprise PRTL Interaction Hub Unauthorized Operation Vulnerability (CNVD-2017-28221)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more. PeopleSoft Enterprise PRTL Interaction Hub is one of the enterprise and Customer Interaction...
CVE-2017-10215
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCMDEFNCATG). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10174
Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Request). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...
CVE-2017-10182
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality). Supported versions that are affected are 5.4.0.x, 5.4.1.x and 5.4.3.x. Difficult to exploit vulnerability allows high privileged attacker with...
CVE-2017-10123
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...
CVE-2017-10083
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows...
CVE-2017-10039
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
CVE-2017-10045
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
[SECURITY] Fedora 24 Update: evince-3.20.1-3.fc24
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
Joomla! cross-site scripting vulnerability (CNVD-2017-26330)
Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A cross-site scripting vulnerability exists in versions of Joomla! prior to 3.7.4. The vulnerability stems from the program's failure to adequately...
Cisco ASR 5000 Series Aggregation Services Router Security Bypass Vulnerability
Cisco ASR 5000 Series Aggregation Services Routers are the ASR 5000 series multifunction routers from Cisco. A redirection vulnerability exists in Cisco ASR 5000 Series Aggregation Services Routers GGSN, which allows remote attackers to exploit the vulnerability to redirect traffic by changing the...
Code Execution Vulnerability in ESPCMS
ESPCMS is an enterprise website management system developed on LAMP. A code execution vulnerability exists in ESPCMS. An attacker can exploit this vulnerability to execute arbitrary PHP statements...