PT-2015-6793 · Pcs
Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.139 and earlier Description: A race condition exists in the pcsd web UI backend, allowing remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. Th...
Apple OS X Speech UI Memory Corruption Vulnerability
Apple OS X is a BSD-based operating system distributed by Apple. A memory corruption vulnerability exists in the Apple OS X Speech UI, which allows remote attackers to exploit the vulnerability by submitting a special Unicode string and tricking an application into parsing it, which can execute...
Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages. CVE-2015-3729 - Multiple memory...
UBUNTU-CVE-2015-3755
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL...
CVE-2015-3755
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL...
CVE-2015-3755
CVE-2015-3755 affects WebKit in Apple Safari (and WebKit-based components used in iOS before 8.4.1 and other products): WebKit could be induced to spoof the user interface via a malformed URL, enabling a remote attacker to mislead users. Affected versions include Safari before 6.2.8, 7.x before 7...
FreeBSD : RT -- two XSS vulnerabilities (83b38a2c-413e-11e5-bfcf-6805ca0b3d42)
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
CVE-2015-3626
Summary: CVE-2015-3626 is an XSS flaw in Fortinet FortiOS FortiGate WebUI, specifically the DHCP Monitor page. Affected: FortiOS versions prior to 5.2.4. Cause: insufficient input filtering on the DHCP hostname field allows injection of arbitrary script/HTML. References from NVD/NVD-listed detail...
CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
Unspecified Vulnerability in Oracle Siebel Enterprise Siebel UI Framework Component (CNVD-2015-04723)
Oracle Siebel is a customer relationship management software. A security vulnerability exists in the Oracle Siebel Siebel Core - Server OM Svcs component, which can be exploited by remote attackers to compromise system integrity...
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
-------------------------------------------------------- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability -------------------------------------------------------- Vendor ------ https://www.snorby.org/ Version ------- 2.6.2 Description ----------- During my research and testing of new IDS...
D-Link DNS Devices Authentication Bypass Vulnerability
Authentication bypass vulnerability in D-Link DNS devices. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE_PREFIX = "cpe:/o:dlink";...
abrt: default abrt event scripts lead to information disclosure
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...
Huawei Home Gateway HG530 / HG520b Password Disclosure / Change
---- Exploit 1 ---- getRouterPassHuaweiHG530.py: ! /usr/bin/python import socket import sys import re if lensys.argv !=2: print " Please enter the target ip." print " Usage : " + sys.argv0 + " IPADDR" exit Create a TCP/IP socket targethost = sys.argv1 sock = socket.socketsocket.AFINET,...
UBUNTU-CVE-2015-1266
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...
Schneider Electric InduSoft Web Studio < 7.1.3.4 Multiple Information Disclosures (SEVD-2015-054-01)
Binary data scadaindusoftwebstudioSEVD2015-054-01.nbin...
Multiple Blue Coat Systems SSL Visibility Appliance Product Sensitive Information Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
Multiple Blue Coat Systems SSL Visibility Appliance Product Session Fixation Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, that are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
Multiple Blue Coat Systems SSL Visibility Appliance Product Information Disclosure Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...