4 matches found
EUVD-2017-3296
Malware in sbrugna...
K21942600: A virtual server with a Client SSL profile may accept non-SSL traffic
Security Advisory Description A Client SSL profile using a cipher group and an option that modifies supported ciphers for example no-dtls or no-ssl accepts plain text connections, in addition to correctly handling SSL traffic. This issue occurs when all of the following conditions are met: A...
CVE-2017-11686
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method...
Cross site scripting
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method...