BINOM3 Electric Power Quality Meter Sensitive Information Disclosure Vulnerability
The BINOM3 Electric Power Quality Meter is a universal multifunctional power quality monitor. BINOM3 Electric Power Quality Meter is vulnerable to sensitive information disclosure. Since the management portal is configured for HTTP by default, an attacker in the right position could sniff all log...
CVE-2016-6839
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
HTTP Information Disclosure Vulnerability
HTTP (HyperText Transfer Protocol) is one of the most widely used network protocols on the Internet. HTTP was designed to provide a means of publishing and receiving HTML pages, and the resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URIs). HTTP/2 is one o...
Siemens SIPROTEC 4/SIPROTEC Compact Denial of Service Vulnerability
SIPROTEC 4 and SIPROTEC Compact devices provide a wide range of centralized protection, control and automation functions for substations and other applications. A denial of service vulnerability exists in Siemens SIPROTEC 4, SIPROTEC Compact devices, versions prior to EN100 Ethernet 4.29. A remot...
Novell GroupWise HTML Injection Vulnerability
Novell GroupWise is a cross-platform collaboration software. An HTML injection vulnerability exists in Novell GroupWise 2014 SP1, 2014 R2 SP1, and 2014 versions, which stems from the program failing to adequately filter user-submitted input. An attacker could be allowed to exploit the vulnerabili...
Foreman HTML Injection Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...
PHP SPL Extended Integer Overflow Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. SPL (Standard PHP Library) is a collection of interfaces and class extensions for solving typical problems. SPL (Standard PHP Library) is an extensio...
PHP Gettext Remote Code Execution Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++, etc. Gettext is one of the...
spacewalk-java: Multiple XSS flaws
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data...
UBUNTU-CVE-2016-5137
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs,...
Multiple Vulnerabilities in Digitalstrom Konfigurator
The Digitalstrom Konfigurator is a smart home device from the Swiss company Digitalstrom. HTML injection vulnerabilities and cross-site scripting vulnerabilities exist in Digitalstrom Konfigurator. These vulnerabilities can be exploited by remote attackers to perform unauthorized actions, execute...
PHP Remote Code Execution Vulnerability (CNVD-2016-05253)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A remote code execution vulnerability exists in versions of PHP prior to 5.5.36. An attacker could exploit this...
PHP suffers from httpoxy remote proxy infection vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple w...
Vulnerability in the SPSS Statistics data analysis system allows an attacker to execute arbitrary code on 32-bit platforms
A vulnerability in the ActiveX component of SPSS Statistics is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on 32-bit platforms using a specially crafted HTML document...
Vulnerability in the firmware of Siemens Simatic S7-1200 programmable logic controllers allows an attacker to inject HTML headers
The software of the programmable logic controller Simatic S7-1200 contains a vulnerability that allows a malicious individual to inject an HTML header into the device’s web server...
Vulnerability in the Cisco Wireless LAN Controller 4100 software allows access restrictions to be bypassed
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to the widespread use of the Aironet IOS software. This leads to a state where the controller acts as an administrative HTTP server. Exploiting this vulnerability allows malicious actors to bypass access restrictions by...
Vulnerability in the SIMATIC WinCC automated process control system allows a remote attacker to gain unauthorized access to confidential information
A vulnerability exists in Siemens SIMATIC WinCC software, related to an error that occurs when processing a specially crafted HTTP packet. Exploiting this vulnerability allows a malicious individual to gain access to confidential information by sending a specially crafted HTTP request to ports...
CVE-2016-5306
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445...
DEBIAN-CVE-2016-5301
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast...
PHP '_php_mb_regex_ereg_replace_exec' function double release vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's _php_mb_regex_ereg_replace_exec function, which can be exploited by an...