Multiple Cross-Site Scripting Vulnerabilities in Zimbra Collaboration
Zimbra provides open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, also known as bugs 104552 and 104703...
CVE-2017-5196
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8...
CVE-2016-0897
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment...
CVE-2016-3422
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D...
Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits
There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac. The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca...
CVE-2015-0120
Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors...
CVE-2015-0120
Summary of CVE-2015-0120 details: IBM Tivoli Storage Manager FastBack Mount is affected by a buffer overflow in the CRYPTO_S_EncryptBufferToBuffer path when handling network input, with vulnerable versions up to 6.1.11.1. The issue can be triggered remotely via TCP port 30051 (and from local hos...
Fedora 12 setroubleshootd Local Root Proof Of Concept
setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports. The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed. setroubleshoot runs as root although in its own domain. In util.py...
CVE-2014-7885
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors...
CVE-2014-7884
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors...
CVE-2014-7885
HP ArcSight Enterprise Security Manager (ESM) prior to 6.8c is affected by multiple remote vulnerabilities (CVE-2014-7885). The Nessus entry cites XSS due to failure to validate tooltip input and CSRF allowing changes to rules or resources via a crafted link; affected versions include ESM before ...
Code injection
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
CVE-2014-9843
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors...
CVE-2014-0479
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compareversions and reportbug/checkversions.py...
JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403...