Kodak InSite 8.0 Cross Site Scripting
Class: Input Validation Error | CVE: | Remote: Yes | Local: No | Credit: rsanchezr | Vulnerable: Kodak InSite 6.5 to 8.0. Kodak InSite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
Adobe ColdFusion Multiple Vulnerabilities (APSB17-14)
Adobe ColdFusion is prone to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Quagga VTY Interface Denial of Service (CVE-2017-5495)
A denial-of-service vulnerability has been discovered in Quagga. The vulnerability is due to an input validation error in the Quagga VTY service. A remote attacker can exploit this vulnerability by sending data without a newline character to a Quagga daemon's VTY interface...
Can't create the PVS connector - error returned at Test Credentials - "Failed to validate the Domain User and Password."
Configuration settings appeared correct but reviewing the unidesk-pvs-connector.log.json displayed the below: HandlerHelper: 'Application Error while processing 'Command' 'CreatePowerShellSessionCommand'': 'DefaultTitle="", MessageID="PowerShellCreateSession",...
FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)
The cURL project reports: SSL_VERIFYSTATUS ignored. curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension (using the CURLOPT_SSL_VERIFYSTATUS option). When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...
IBM WebSphere Application Server Multiple Vulnerabilities (swg21997743, swg21993797, swg21992315)
IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-10224
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user...
Application Launch Fails Intermittently With Event ID 7
User launches published desktop via Storefront and can see the DesktopViewer. Desktop Viewer closes after a few seconds and logs the following error in the EventLog: Event ID: 1050 Citrix Desktop service connection validation failed on domain "for user" for reason "Deny" followed by Event ID7: "I...
Apple iTunes Code Execution And Information Disclosure Vulnerabilities (HT207274) - Windows
Apple iTunes is prone to information disclosure and code execution vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Web Server HTTP Request URL Injection (CVE-2014-8150)
A security bypass vulnerability exists in web servers. The vulnerability is due to an input validation error when handling a request whose URL contains line feeds and carriage return...
TYPO3 'mso/idna-convert' Library Cross Site Scripting Vulnerability (Jul 2016)
TYPO3 is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescripti...
CVE-2016-5392
The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their...
Design/Logic Flaw
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bu...
Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)
An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...
phpMyAdmin Multiple Vulnerabilities -01 (May 2016) - Windows
phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
Code injection
media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as...
Oliver 1.3.0 / 1.3.1 Cross Site Scripting
Advisory Information Title: Multiple Reflected XSS vulnerabilities in Oliver formerly Webshare v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver formerly Webshare v1.3.1 Discovered by: Rv3Laboratory Research Team Severity: Medium 02. Vulnerability...
Mageia: Security Advisory (MGASA-2016-0113)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20151208)
It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) and #DB (debug exception)...
Microsoft Windows Library Loading Remote Code Execution Vulnerability (CNVD-2015-08041)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows that originates from a program failing to properly validate input before loading a library. An attacker could exploit the vulnerability ...