23 matches found
CVE-2017-9637
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that...
Dashbuilder: insecure handling of CSRF token
It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...
Mozilla Thunderbird Path String Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation developed from the Mozilla Application Suite independent of the e-mail client software, support for IMAP, POP mail protocol and HTML mail format. A path string vulnerability exists in Mozilla Thunderbird versions prior to 52.5.2. An...