X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. Date published : 2015-04-04 http://www.kb.cert.org/vuls/id/924124 https://blog.x-cart.com/5-1-11-released.html
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter. Date published : 2015-04-04 http://www.kb.cert.org/vuls/id/924124 https://blog.x-cart.com/5-1-11-released.html
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for...
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login...
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. Date published : 2015-04-03 http://www.securityfocus.com/bid/73405 http://www.securityfocus.com/archive/1/535142/100/0/threaded
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. Date published : 2015-04-03...
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. Date published : 2015-04-03 https://www.exploit-db.com/exploits/36369/...
Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. Date published : 2015-04-03 http://www.securityfocus.com/bid/73342 http://www.securityfocus.com/archive/1/534934/100/0/threaded
The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member...
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell...
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. Date published : 2015-04-03 http://www.securityfocus.com/bid/73481 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626732
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01