4558 matches found
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06713)
Cybozu Garoon is a portal-type office automation (OA) system from Cybozu, Japan. The system provides a portal, e-mail, bookmarks, scheduling, a bulletin board, document management, etc., and supports switching freely among three languages: Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...
Cybozu Garoon Open Redirect Vulnerability (CNVD-2016-06711)
Cybozu Garoon is a portal-type office automation (OA) system from Cybozu, Japan. The system provides a portal, e-mail, bookmarks, scheduling, a bulletin board, document management, etc., and supports switching freely among three languages: Chinese, Japanese, and English. An open redirection vulnerability exists in Cyboz...
NUUO NVRmini 2 and NVRsolo Hardcoded Certificate Vulnerability
The NUUO NVRsolo and NVRmini 2 are both network video recorders from NUUO. A hardcoded certificate vulnerability exists in NUUO NVRmini 2 and NVRsolo versions 1.0.0 through 3.0.0, which stems from a program using hardcoded certificates. The vulnerability can be exploited by an attacker to log int...
Wireshark MMSE Dissector Remote Denial of Service Vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A remote denial of service vulnerability exists in Wireshark versions 1.12.0 through 1.12.12, which can be exploited by an attacker to crash an application and cause a denial of...
RubyGems Paperclip Excessive Logging Content Spoofing Vulnerability
RubyGems Paperclip is a plugin that extends the ActiveRecord ORM model and provides simple file attachment functionality. A content spoofing vulnerability exists in RubyGems Paperclip versions 4.2.2 through 4.3.5. An attacker can exploit this vulnerability to spoof content...
WordPress Jetpack Plugin HTML Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. Jetpack is one of its plugin packages and includes a variety of features such as social sharing, social login and social commenting. An HTML injection vulnerability exists in WordPress...
Apache Qpid Proton Security Bypass Vulnerability
Apache Qpid Proton is a high-performance, lightweight messaging library developed by the Apache Software Foundation in the United States. A security bypass vulnerability exists in Apache Qpid Proton versions 0.8 through 0.13.0, which can be exploited by an attacker to conduct a man-in-the-middle...
Samba libcli/smb/smbXcli_base.c Security Mechanism Bypass Vulnerability
Samba is a freeware implementation of the SMB protocol on Linux and UNIX systems, consisting of a server and a client program. libcli/smb/smbXcli_base.c in Samba 4.0.0 through 4.4.4 contains a security vulnerability in its implementation that allows a man-in-the-middle attacker, via the...
CVE-2016-1193
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors...
Apache Shiro Information Disclosure Vulnerability
Apache Shiro is a Java security framework from the Apache Software Foundation in the United States that implements authentication, authorization, encryption and session management. An information disclosure vulnerability exists in Apache Shiro versions 1.0.0 through 1.2.4, which stem...
PT-2016-5363
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.3.19 through 2.3.28. Description: The issue allows remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin when Dynamic Method Invocation is enabled...
TYPO3 CMS Access Check Vulnerability
TYPO3 CMS is a free and open source content management system and framework (CMS/CMF) maintained by the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS versions 4.3.0 through 8.1.0 that stems from the program failing to properly perform access checks. An attacker can exploit the...
PT-2016-6141 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure (PCS) versions 7.4 through 7.4r13.3; Pulse Connect Secure (PCS) versions 8.0 through 8.0r9; Pulse Connect Secure (PCS) versions 8.1 through 8.1r1; Pulse Connect Secure (PCS) versions 8.2 through 8.2r0. Description: The issue allows...
IBM Algorithmics Algo Risk Application Cross-Site Scripting Vulnerability
IBM Algorithmics is a set of solutions from IBM in the United States that can help financial institutions and corporate finance departments to develop risk foresight. A cross-site scripting vulnerability exists in IBM Algorithmics Algo Risk Application versions 4.9.1 through 5.1.0. A remote...
Apache OpenMeetings OpenMeetings Administration Menu Directory Traversal Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system developed by the Apache Software Foundation in the United States. It supports audio and video, allows users to view each participant's desktop, and so on. A directory traversal vulnerability...
Apache Struts I18NInterceptor Cross-Site Scripting Vulnerability
Apache Struts is an open source framework for creating enterprise-class Java Web applications, maintained by the Apache Software Foundation in the United States. I18NInterceptor is one of its internationalization interceptors. A cross-site scripting vulnerability exists i...
Apache ActiveMQ Web Console Single Click Hijacking Vulnerability
Apache ActiveMQ is a popular messaging and integration model provider. A security vulnerability exists in Apache ActiveMQ 5.0.0 - 5.13.1 due to an unset X-Frame-Options header for HTTP responses in the Web Management Console. This allows attackers to perform unauthorized operations in the consol...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01258)
Cybozu Office is a web-based, cross-platform office solution developed by Cybozu, Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01257)
Cybozu Office is a web-based, cross-platform office solution developed by Cybozu, Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...
Cybozu Office Security Mechanism Bypass Vulnerability (CNVD-2016-01259)
Cybozu Office is a web-based, cross-platform office solution developed by Cybozu, Japan. A security mechanism bypass vulnerability exists in Cybozu Office versions 9.9.0 through 10.3.0, which can be exploited by a remote, authenticated user to bypass established access restrictions and read or writ...