CVE-2016-5450

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI...

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component (CNVD-2016-05465)

Oracle Enterprise Manager Grid Control is a suite of systems management software from Oracle Corporation. The software provides centralized monitoring, lifecycle management, and other functions for the Oracle IT architecture. enterprise Manager Base Platform is one of the system management platfo...

Unspecified Vulnerability in Oracle Siebel CRM Siebel UI Framework Component (CNVD-2016-05471)

Oracle Siebel CRM is the United States Oracle Oracle company's set of customer relationship management solutions , which includes sales management , marketing management , customer service systems , call centers and other modules.Siebel UI Framework is one of the framework components based on the...

Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities

According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input whe...

KLA10846 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities ...

The vulnerability of Google Chrome browser allows a violator to circumvent access restrictions.

The vulnerability of the content/browser/webui/contentwebuicontrollerfactory.cc file of Google Chrome is related to security configuration errors. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent access restrictions due to errors in processing requests to the...

[SECURITY] Fedora 23 Update: libreoffice-5.0.6.2-9.fc23

LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...

The vulnerability of the Firefox browser, which allows a malicious individual to circumvent restrictions

Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloning...

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent restrictions

Mozilla SeaMonkey’s software contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper program module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloni...

The vulnerability of the Android operating system, which allows a hacker to gain access to arbitrary files

The vulnerability of the Android operating system’s user interface lies in the lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to carry out a “tabjacking” attack remotely, gaining access to arbitrary files through a specially crafted window...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.3-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

iBilling 3.7.0 Cross Site Scripting

Cross Site Scripting Stored: http://localhost/ibilling/index.php Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref POST...

iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting

Exploit for php platform in category web applications iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you need! Beautifully designed...

iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting

iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The softwa...

PT-2016-2202 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android 6.x versions prior to 2016-06-01 Description: The issue is related to the Framework UI permission-dialog implementation, which allows attackers to conduct tapjacking attacks. This can be achieved by creating a partially overlapping...

Apache CloudStack Authentication Bypass Vulnerability (CNVD-2016-03958)

Apache CloudStack is open source software for deploying and managing large networks of virtual machines. After multiple versions of Apache CloudStack enabled SAML-based authentication, a remote attacker exploited this vulnerability to bypass authentication and access the user interface...

Authentication flaw

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...

Fortinet FortiSandbox Cross-Site Scripting Vulnerability (CNVD-2016-03774)

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A cross-site scripting vulnerability exists in the Web User Interface WebUI of...

CVE-2015-7360

Multiple cross-site scripting XSS vulnerabilities in the Web User Interface WebUI in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 serial parameter to alerts/summary/profile/; the 2 urlForCreatingReport parameter to csearch/report/export/...