|Paid content will be excluded from the download.
| Matches : 106906
|The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
Heap-based buffer overflow in Adobe Flash Player before 184.108.40.2063 and 19.x through 21.x before 220.127.116.11 on Windows and OS X and before 18.104.22.1687 on Linux, Adobe AIR before 22.214.171.124, Adobe AIR SDK before 126.96.36.199, and Adobe AIR SDK & Compiler before 188.8.131.52 allows attackers to execute arbitrary code via unspecified vectors.
Adobe Flash Player before 184.108.40.2063 and 19.x through 21.x before 220.127.116.11 on Windows and OS X and before 18.104.22.1687 on Linux, Adobe AIR before 22.214.171.124, Adobe AIR SDK before 126.96.36.199, and Adobe AIR SDK & Compiler before 188.8.131.52 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960 ...
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Pages:      Start    10069    10070    10071    10072    10073    10074    10075    10076    10077    10078    10079    10080    10081    10082    ..   10690
© 2013 SecPod Technologies