121 matches found
Cross-Site Scripting (XSS)
Wordpress is vulnerable to cross-site scripting XSS attacks. The attacks are possible because of the incomplete fix for CVE-2015-3440. It leads to improper storage of long comment due to the limitations on the MySQL TEXT data type...
IBM WebSphere MQ Man-in-the-Middle Hijacking Vulnerability
IBM WebSphere MQ is a messaging middleware product from IBM, USA. IBM WebSphere MQ sends cryptographic data in clear text over the network, allowing remote attackers to exploit the vulnerability to sniff the network for sensitive information...
USN-3194-1: OpenJDK 7 vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...
Ubuntu: Security Advisory (USN-3179-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Phoenix Contact ILC Information Disclosure Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An information disclosure vulnerability exists in Phoenix Contact ILC PLCs due to sensitive information being stored in clear text. An attacker could exploit th...
USN-3087-2: OpenSSL regression
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Statu...
CVE-2015-8834
Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an...
samba: Man-in-the-middle attacks possible with NTLMSSP authentication
Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...
samba: Man-in-the-middle attacks possible with NTLMSSP authentication
Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...
WordPress <= 4.2.1 - XSS
This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment which is improperly stored because there are some limitations on the MySQL TEXT data type. Solution Update WordPress...
GE SNMP/Web Interface adapter information disclosure vulnerability
The GE SNMP/Web Interface adapter is a web server from General Electric that displays current information about an uninterruptible power supply. The GE SNMP/Web Interface adapter file contains information stored in clear text, allowing remote attackers to exploit this vulnerability to obtain...
Smart Traffic Sniffing: NetRipper
Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...
Cross site scripting
Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
CVE-2015-3440
Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
CVE-2015-3440
Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
UBUNTU-CVE-2015-1360
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and...
VulnCheck KEV: CVE-2012-2539
Microsoft Word allows attackers to execute remote code or cause a denial-of-service DoS via crafted RTF data...
Minor flaw allows Hacker to hijack Avira Antivirus customers accounts
Cross site scripting vulnerabilities are mistakenly considered unimportant, but they could allow attackers to inject client-side script in web pages visited by victims. A cross-site scripting xss vulnerability may be exploited by hackers to bypass access controls going beyond the exceptions. An...
CVE-2006-7037
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to 1 bypass password protection by replacing the password field with a hash of a known...
Morris Guestbook v1
Homepage: http://www.tuttophp.altervista.org/morrisguest-ing.htm Description: Morris Guestbook is a text-based guestbook with the following features: Data storing on text file, paging of messages on screen, words crypting, counting of inserted messages, blockage of messages with both html tags...