News aggregator

CVE-2017-15950

National Vulnerability Database - Tue, 10/31/2017 - 10:29
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
Categories: Security News

CVE-2017-3933

National Vulnerability Database - Tue, 10/31/2017 - 10:29
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
Categories: Security News

CVE-2017-3934

National Vulnerability Database - Tue, 10/31/2017 - 10:29
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
Categories: Security News

CVE-2017-3935

National Vulnerability Database - Tue, 10/31/2017 - 10:29
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
Categories: Security News

CVE-2015-9245

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
Categories: Security News

CVE-2016-10699

National Vulnerability Database - Tue, 10/31/2017 - 03:29
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
Categories: Security News

CVE-2017-14373

National Vulnerability Database - Tue, 10/31/2017 - 03:29
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Categories: Security News

CVE-2017-15977

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
Categories: Security News

CVE-2017-15978

National Vulnerability Database - Tue, 10/31/2017 - 03:29
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
Categories: Security News

CVE-2017-15979

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
Categories: Security News

CVE-2017-15980

National Vulnerability Database - Tue, 10/31/2017 - 03:29
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
Categories: Security News

CVE-2017-15981

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Categories: Security News

CVE-2017-15982

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Categories: Security News

CVE-2017-15983

National Vulnerability Database - Tue, 10/31/2017 - 03:29
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Categories: Security News

CVE-2017-15984

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
Categories: Security News

CVE-2017-15985

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Categories: Security News

CVE-2017-15986

National Vulnerability Database - Tue, 10/31/2017 - 03:29
CPA Lead Reward Script allows SQL Injection via the username parameter.
Categories: Security News

CVE-2017-15987

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
Categories: Security News

CVE-2017-15988

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
Categories: Security News

CVE-2017-15989

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
Categories: Security News
