7972 matches found
KLA10541 Multiple vulnerabilities in Juniper Junos
Multiple serious vulnerabilities have been found in Juniper Junos. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code or spoof user interface. Below is a complete list of vulnerabilities 1. XSS vulnerability can be exploited remotely via unspecified vectors...
USN-2550-1 firefox vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...
CVE-2015-0997
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack...
CVE-2015-0997
Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4) expose an authentication flaw: the HMI UI lists all valid usernames, enabling remote brute-force access. Root cause involves use of hard-coded/cleartext credentials in...
KLA10506 Multiple vulnerabilities in Websense products
Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof user interface and read or write arbitrary files. Below is a complete lis...
KLA10489 Multiple vulnerabilities in IBM PowerVC
Multiple vulnerabilities have been found in IBM PowerVC. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information. Below is a complete list of vulnerabilities 1. Improper certificate validation can be exploited remotely via a specially designed...
Code injection
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL...
Apple Safari WebKit Vulnerabilities Patched
Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine. Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said. “These issues were addressed through improved memory handling,” Apple said in its...
Mac OS X : Apple Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.4 / 7.1.4 / 8.0.4. It is, therefore, affected by multiple memory corruption vulnerabilities in WebKit due to improperly validated user-supplied input. A remote attacker, using a specially crafted website, can exploi...
KLA10591 Code injection in Microsoft Exchange Server
Multiple XSS vulnerabilities were found in Microsoft Exchange Server. By exploiting these vulnerabilities malicious users can inject arbitrary web script or spoof user interface. These vulnerabilities can be exploited remotely via a specially designed URL, msgParam or other unknown vectors...
Untangle NGFW 9 / 10 / 11 XSS / Code Execution
Multiple issues have been discovered in the Untangle NGFW virtual appliance. The vendor was unresponsive and uncooperative to the researcher. - Persistent XSS leading to root. Authentication required. Confirmed in versions 9 and 11 up to rev r39357. Throughout the Untangle user interface there are...
jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
RHEL 7 : GNOME Shell (RHSA-2015:0535)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0535 advisory. GNOME Shell and the packages it depends upon provide the core user interface of the Red Hat Enterprise Linux desktop, including functions such as...
KLA10484 Interface spoofing vulnerability in McAfee Agent
An unspecified vulnerability was found in McAfee Agent. By exploiting this vulnerability malicious users can conduct a clickjacking attack. This vulnerability can be exploited remotely via a specially designed web page. Original advisories McAfee bulletin Related products McAfee-Agent CVE list...
Google Chrome UI Out-of-Bounds Read Vulnerability
Google Chrome is a simple and efficiently designed web browsing tool developed by Google. An out-of-bounds read vulnerability exists in Google Chrome UI, which can be exploited by attackers to construct a malicious web page and trick users into parsing it, which can crash the application...
Unspecified Vulnerability in Oracle Siebel UI Framework Component (CNVD-2015-00687)
Oracle Siebel is a customer relationship management software. A security vulnerability exists in the Portal Framework subcomponent of the Oracle Siebel UI Framework component, which allows remote attackers to exploit the vulnerability to compromise system confidentiality...
Unspecified Vulnerability in Oracle Enterprise Manager Ops Center User Interface Framework Subpart
Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. A security vulnerability in the User Interface Framework subcomponent of Oracle Enterprise Manager Ops Center allows remote attackers to exploit the vulnerability to compromise system integrity...
Unspecified Vulnerability in Oracle Siebel UI Framework Component (CNVD-2015-00683)
Oracle Siebel is a customer relationship management software. A security vulnerability exists in the Portal Framework subcomponent of the Oracle Siebel UI Framework component, which allows remote attackers to exploit the vulnerability to compromise system confidentiality...
Unspecified Vulnerability in Oracle Siebel UI Framework Component (CNVD-2015-00685)
Oracle Siebel is a customer relationship management software. A security vulnerability in the AX/HI Web UI subcomponent of the Oracle Siebel UI Framework component allows remote attackers to exploit the vulnerability to compromise system integrity...