Design/Logic Flaw
After logging into the portal, the logout JSP page redirects the browser back to the login page. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
CVE-2015-5241
After logging into the portal, the logout JSP page redirects the browser back to the login page. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
Safari < 10.1.1 Multiple Vulnerabilities
DEBIAN-CVE-2017-9031
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...
UBUNTU-CVE-2017-9031
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...
Debian DLA-943-1 : deluge security update
It was discovered that there was a directory traversal vulnerability in the web user interface of the Deluge BitTorrent client. For Debian 7 'Wheezy', this issue has been fixed in deluge version 1.3.3-2+nmu1+deb7u2. We recommend that you upgrade your deluge packages. NOTE: Tenable...
IBM Interact Cross-Site Scripting Vulnerability
IBM Interact is a suite of marketing solutions from IBM USA. The solution enables real-time interactions through a variety of data-enabled features and leverages multiple data sources and autonomous learning to optimize messaging. A cross-site scripting vulnerability exists in IBM Interact. A...
About the security content of Safari 10.1.1
This document describes the security content of Safari 10.1.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Release Notes for Veeam Backup & Replication 9.5 Update 2
More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Challenge: Release Notes for Veeam Backup & Replication 9.5 Update 2. Cause: Please confirm you are running version 9.5.0.580, 9.5.0.711, 9.5.0.802, or 9.5.0.823 prior to...
CVE-2016-3032
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...
CVE-2016-5888
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084...
Design/Logic Flaw
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://email protected/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site...
Oracle E-Business Suite Oracle Marketing Unauthorized Read Vulnerability
Oracle E-Business Suite is Oracle's fully integrated suite of global business management software, of which Oracle Marketing is a component for managing marketing-related information and processes. A security vulnerability exists in the User Interface subcomponent of the Oracle...
Oracle Marketing Unauthorized Operation Vulnerability
Oracle E-Business Suite is Oracle's fully integrated suite of global business management software, of which Oracle Marketing is a component for managing marketing-related information and processes. A security vulnerability exists in the User Interface subcomponent of the Oracle...
Oracle WebCenter Sites Unauthorized Operation Vulnerability
Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle Corporation. Oracle WebCenter Sites is a web experience management component that enables marketers and business users to create and manage interactive social online experiences ...
Oracle WebCenter Sites Unauthorized Operation Vulnerability (CNVD-2017-06625)
Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle Corporation. Oracle WebCenter Sites is a web experience management component that enables marketers and business users to create and manage interactive social online experiences ...
Design/Logic Flaw
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via...
pcs Cross-Site Request Forgery Vulnerability
PCS is a set of tools for configuring and managing Pacemaker and Corosync clustering software using the command line and web UI. A cross-site request forgery vulnerability exists in pcs, which can be exploited by remote attackers to perform certain unauthorized actions and access affected...
CVE-2017-3585
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: User Interface subsystem. The supported version that is affected is AK 2013. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to...