2017-09-25

 
CVE-2015-4667
 
Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0.

 
CVE-2010-3050
 
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

 
CVE-2010-3049
 
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

 
CVE-2017-14506
 
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

 
CVE-2017-14683
 
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

 
CVE-2015-5184
 
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and have other unspecified impact.

 
CVE-2015-5263
 
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

 
CVE-2015-5182
 
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

 
CVE-2015-5183
 
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.

 
CVE-2015-5181
 
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.

 
CVE-2015-5169
 
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

 
CVE-2012-6696
 
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.

 
CVE-2011-4667
 
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.

 
CVE-2015-4668
 
Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

 
CVE-2015-4669
 
The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system.

 
CVE-2015-5237
 
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

 
CVE-2015-5282
 
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

 
CVE-2015-6748
 
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

 
CVE-2015-7315
 
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

 
CVE-2015-7316
 
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.

 
CVE-2015-7317
 
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

 
CVE-2015-7318
 
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

 
CVE-2017-1235
 
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread, which could potentially cause a denial of service. IBM X-Force ID: 123914.

 
CVE-2017-12905
 
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

 
CVE-2017-1346
 
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

 


Copyright 2017, cxsecurity.com

 
