Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related...
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly...
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers’ installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. Date published...
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Date published : 2016-01-30 http://www.securityfocus.com/bid/82259 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or...
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. Date published : 2016-01-30 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc http://www.securitytracker.com/id/1034868
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. Date published : 2016-01-30 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. Date published...
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors....
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-01-30 https://github.com/ikeay/vinemv/commit/f41efbcac1f9262a161ebc1babfcf55fae9e939a http://jvn.jp/en/jp/JVN12165579/index.html
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Date published : 2016-01-30 http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06 http://jvn.jp/en/jp/JVN54686544/index.html
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. Date published : 2016-01-30 http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06 http://jvn.jp/en/jp/JVN54686544/index.html
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Date published : 2016-01-30 http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06 http://jvn.jp/en/jp/JVN54686544/index.html
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Date published : 2016-01-30 http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06 http://jvn.jp/en/jp/JVN54686544/index.html