
4477 matches found

CNVD
added 2017/02/21 12:0 a.m., 1 view

Elefant CMS Cross-Site Request Forgery Vulnerability

Elefant CMS is a content management system. Elefant CMS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to execute arbitrary HTML and script code within a user's browser session in the context of an affected site...

7.3 AI score
Exploits 0, References 1

CNVD
added 2017/02/20 12:0 a.m., 2 views

SAP KERNEL SAP Message Server HTTP Daemon Denial of Service Vulnerability

SAP KERNEL is a set of basic technology platforms written in the C language. A security vulnerability in SAP KERNEL's SAP Message Server HTTP daemon can be exploited by remote attackers to submit a special request that could crash the application...

7.5 CVSS, 6.8 AI score, 0.01553 EPSS
Exploits 0, References 1

OSV
added 2017/02/17 7:59 a.m., 4 views

CVE-2017-5027

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page...

4.3 CVSS, 5.8 AI score, 0.00604 EPSS
Exploits 0, References 2

OSV
added 2017/02/17 7:59 a.m., 3 views

CVE-2017-5019

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.3 CVSS, 7.3 AI score, 0.01106 EPSS
Exploits 0, References 7

OSV
added 2017/02/13 9:59 p.m., 1 view

CVE-2016-5786

An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials...

7.5 CVSS, 5.8 AI score, 0.01633 EPSS
Exploits 0, References 2

OSV
added 2017/02/07 5:59 p.m., 3 views

DEBIAN-CVE-2016-3124

The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors...

5.3 CVSS, 7.1 AI score, 0.01339 EPSS
Exploits 0, References 1

BDU FSTEC
added 2017/02/02 12:0 a.m., 3 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the privateClass extension in Google Chrome’s browser API is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to remotely cause service failures or otherwise affect the system through a specially created HTML page...

4.3 CVSS, 7 AI score, 0.01209 EPSS
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2017/02/02 12:0 a.m., 4 views

The vulnerability of Google Chrome browser allows a perpetrator to bypass the certificate verification process.

The vulnerability of Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass certificate verification by using a specially created HTML page...

6.8 CVSS, 7.6 AI score, 0.00963 EPSS
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2017/02/02 12:0 a.m., 2 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of the V8 component in Google Chrome browsers arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure through a specially created HTML page...

6.8 CVSS, 7.8 AI score, 0.01574 EPSS
Exploits 0, References 4, Affected Software 1

RedHat Linux
added 2017/01/31 5:53 a.m., 2 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8 CVSS, 6.1 AI score, 0.04544 EPSS
Exploits 4, References 4

RedHat Linux
added 2017/01/31 5:52 a.m., 3 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8 CVSS, 6.1 AI score, 0.04544 EPSS
Exploits 4, References 4

OSV
added 2017/01/27 10:59 p.m., 3 views

CVE-2017-3402

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2 CVSS, 7.3 AI score, 0.01404 EPSS
Exploits 0, References 2

OSV
added 2017/01/27 10:59 p.m., 1 view

CVE-2017-3414

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2 CVSS, 7.3 AI score
Exploits 0, References 2

ATTACKERKB
added 2017/01/27 10:59 p.m., 2 views

CVE-2016-8329

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Mobile Application Platform. Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

6.1 CVSS, 8.3 AI score, 0.01368 EPSS
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2017/01/27 10:59 p.m., 3 views

CVE-2016-8311

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with...

6.5 CVSS, 8.4 AI score, 0.01514 EPSS
Exploits 0, References 4, Affected Software 1

RedHat Linux
added 2017/01/26 10:2 p.m., 2 views

chromium-browser: universal xss in chrome://apps

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page...

6.1 CVSS, 7.4 AI score, 0.01115 EPSS
Exploits 0, References 5

CNVD
added 2017/01/25 12:0 a.m., 1 view

PHP 'ext/pcre/php_pcre.c' Information Disclosure Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, databases and operating systems, and supports program extensions in C, C++ and so on. PHP...

6.1 AI score
Exploits 0, References 1

CNVD
added 2017/01/25 12:0 a.m., 2 views

PHP 'process_nested_data()' Remote Code Execution Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, databases and operating systems, and supports program extensions in C, C++ and so on. A...

8.3 AI score
Exploits 0, References 1

CNVD
added 2017/01/22 12:0 a.m., 2 views

Moodle HTML Injection Vulnerability (CNVD-2017-00905)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. Moodle suffers from an HTML injection vulnerability due to the program failing to...

6.1 CVSS, 6.6 AI score, 0.00862 EPSS
Exploits 0, References 1

CNVD
added 2017/01/20 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00947)

Oracle FLEXCUBE Universal Banking is a comprehensive real-time, online solution from the US company Oracle covering retail, group and investment banking. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...

5.3 CVSS, 6.8 AI score, 0.01631 EPSS
Exploits 0, References 1