Cross-site scripting (XSS) vulnerability in Let’s PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-12-27 http://php.s3.to/bbs/bbs2.php http://jvn.jp/en/jp/JVN72891124/index.html
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a...
The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. Date...
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. Date published : 2015-12-27 https://www.kb.cert.org/vuls/id/630239 http://www.epiphanyhealthdata.com/blog/certresponse
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. Date...
NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port....
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof...
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm...
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video...
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up"...
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. Date published : 2015-12-26 http://www.securityfocus.com/bid/79678 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the...
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the...
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with...