28 matches found

Cvelist
added 2026/03/04 5:51 p.m., 25 views

CVE-2026-20069 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

4.3 CVSS, 0.00012 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/06/21 12:0 a.m., 2 views

Secure Time-Modulated Intelligent Reflecting Surface via Generative Flow Networks

We propose a novel directional modulation (DM) design for OFDM transmitters aided by a time-modulated intelligent reflecting surface (TM-IRS). The TM-IRS is configured to preserve the integrity of transmitted signals toward multiple legitimate users while scrambling the signal in all other directions...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/06/03 12:0 a.m., 2 views

Heterogeneous Secure Transmissions in IRS-Assisted NOMA Communications: CO-GNN Approach

Intelligent Reflecting Surfaces (IRS) enhance spectral efficiency by adjusting reflection phase shifts, while Non-Orthogonal Multiple Access (NOMA) increases system capacity. Consequently, IRS-assisted NOMA communications have garnered significant research interest. However, the passive nature of the...

7.1 AI score
Exploits: 0

Schneier on Security
added 2023/11/07 12:8 p.m., 18 views

Spaf on the Morris Worm

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988--thirty-five years ago. His lessons from then are still applicable today...

7.3 AI score
Exploits: 0

Cvelist
added 2019/11/27 1:30 p.m., 10 views

CVE-2019-13934

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions 19.2...

3.5 CVSS, 5.1 AI score, 0.00337 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2019/05/08 12:0 a.m., 24 views

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2019:1181-1)

This update for freeradius-server fixes the following issues : Security issues fixed : CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficient validation of elliptic curve points bsc1132549. CVE-2019-11234: Fixed an authentication bypass caused by...

9.8 CVSS, 7.6 AI score, 0.25852 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2019/04/30 12:0 a.m., 27 views

SUSE SLED15 / SLES15 Security Update : freeradius-server (SUSE-SU-2019:1086-1)

This update for freeradius-server fixes the following issues : Security issues fixed : CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficient validation of elliptic curve points bsc1132549. CVE-2019-11234: Fixed an authentication bypass caused by...

9.8 CVSS, 7.6 AI score, 0.25852 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2019/04/26 12:0 a.m., 36 views

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2019:1039-1)

This update for freeradius-server fixes the following issues : Security issues fixed : CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficient validation of elliptic curve points bsc1132549. CVE-2019-11234: Fixed an authentication bypass caused by...

9.8 CVSS, 7.6 AI score, 0.25852 EPSS
Exploits: 0, References: 7

Cvelist
added 2018/07/06 5:0 p.m., 12 views

CVE-2018-13409

An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges...

6 AI score, 0.00328 EPSS
Exploits: 1, References: 1

Packet Storm
added 2015/03/24 12:0 a.m., 41 views

openEMR 4.2.0 Cross Site Scripting / SQL Injection

Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...

0.2 AI score
Exploits: 0

exploitpack
added 2015/02/23 12:0 a.m., 9 views

Zeuscart 4.0 - Multiple Vulnerabilities

Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will ask...

0.4 AI score
Exploits: 0

exploitpack
added 2015/02/19 12:0 a.m., 16 views

Piwigo 2.7.3 - Multiple Vulnerabilities

Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status:...

0.4 AI score
Exploits: 0

Exploit DB
added 2015/02/19 12:0 a.m., 22 views

Piwigo 2.7.3 - Multiple Vulnerabilities

Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status: patched CVE-ID: - =========================...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/02/18 12:0 a.m., 18 views

CMS Piwigo 2.7.3 Cross Site Scripting / SQL Injection

Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status: patched CVE-ID: - =========================...

0.3 AI score
Exploits: 0

Packet Storm
added 2015/01/29 12:0 a.m., 20 views

CMS Saurus 4.7 Cross Site Scripting

Advisory: Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 CE Advisory ID: SROEADV-2015-05 Author: Steffen Rösemann Affected Software: CMS Saurus v. 4.7 CE, released: 12.08.2014 Vendor URL: http://www.saurus.info Vendor Status: patched CVE-ID: - ========================== Vulnerability...

0.1 AI score
Exploits: 0

Exploit DB
added 2015/01/26 12:0 a.m., 40 views

ferretCMS 1.0.4-alpha - Multiple Vulnerabilities

Advisory: Advisory ID: SROEADV-2015-10 Author: Steffen Rösemann Affected Software: ferretCMS v. 1.0.4-alpha Vendor URL: https://github.com/JRogaishio/ferretCMS Vendor Status: vendor will patch eventually CVE-ID: - Tested on: - Firefox 35, Iceweasel 31 - Mac OS X 10.10, Kali Linux 1.0.9a...

7.4 AI score
Exploits: 0

OpenVAS
added 2015/01/22 12:0 a.m., 19 views

Vaadin Framework 7.0.0 - 7.3.6 XSS Vulnerability

Vaadin Framework is prone to a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective rig...

6.4 AI score
Exploits: 0, References: 1

Packet Storm
added 2015/01/19 12:0 a.m., 53 views

CMS Websitebaker 2.8.3 SP3 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3 Advisory ID: SROEADV-2015-03 Author: Steffen Rösemann Affected Software: CMS Websitebaker v.2.8.3 SP3 Vendor URL: http://www.websitebaker.org/de/home.php Vendor Status: Vendor did not respond CVE-ID: CVE-2015-0553 Tested with:...

4.3 CVSS, 0.00572 EPSS
Exploits: 3

0day.today
added 2015/01/15 12:0 a.m., 20 views

CMS b2evolution 5.2.0 Cross Site Scripting Vulnerability

CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability. Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/...

6.7 AI score
Exploits: 0

Packet Storm
added 2015/01/14 12:0 a.m., 24 views

CMS b2evolution 5.2.0 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID: -...

7.4 AI score
Exploits: 0