805 matches found
Cybozu Office vulnerable to information disclosure
Overview Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in...
SUSE-SU-2016:2408-1 Security update for php5
This update for php5 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled bsc987580 CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 CVE-2016-6292: Null pointer dereference in exifprocessusercomment...
openSUSE Security Update : php5 (openSUSE-2016-1095)
This update for php5 fixes the following security issues : - CVE-2016-7124: Create an Unexpected Object and Don't Invoke wakeup in Deserialization - CVE-2016-7125: PHP Session Data Injection Vulnerability - CVE-2016-7126: selectcolors write out-of-bounds - CVE-2016-7127: imagegammacorrect allowed...
PHP < 5.6.25, 7.x < 7.0.10 Multiple Vulnerabilities (Sep 2016) - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
IBM Security Privileged Identity Manager Authentication Vulnerability
IBM Security Privileged Identity Manager is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM USA, that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security...
Internet Bug Bounty: PHP Session Data Injection Vulnerability
PHP Session Data Injection Vulnerability bug report at: https://bugs.php.net/bug.php?id=72681 fix commit at: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce Affected Versions ------------ Affected is PHP 5 Affected is PHP 7 = endptr goto breakouterloop; if p0 ==...
Vulnerability of Microsoft Lync Server software, allowing a remote attacker to compromise protected information
A cross-site scripting implementation that allows access to confidential information exists in Lync Server. This implementation is related to the improper processing browsing of specially crafted content. If it operates successfully, a malicious individual can execute scripts in the user’s browse...
SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: XSS Sent: 29.09.2015 Reported: 30.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan...
Information Disclosure Vulnerability in Hitachi Command Suite
Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Dell SonicWall Scrutinizer 11.0.1 SQL Injection / Code Execution
!/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require absolutely no hash cracking since the target uses symmetric...
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkindeleteTab SQL Injection Remote Code Execution
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkindeleteTab SQL Injection Remote Code Execution !/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also ste...
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
!/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require absolutely no hash cracking since the target uses symmetric...
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
Exploit for windows platform in category remote exploits !/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require...
DEBIAN-CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
Samba Information Disclosure Vulnerability (CNVD-2016-02264)
Samba is a set of free software that enables the UNIX family of operating systems to connect to the SMB/CIFS network protocol of the Microsoft Windows operating system. A security vulnerability exists in Samba when the program is configured as a Domain Controller. This vulnerability can be...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...
samba: Spoofing vulnerability when domain controller is configured
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine...