CVE-2016-3963 (scalance_s613)
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
Source: CVE-2016-3963 (scalance_s613)
[월:] 2016년 04월
CVE-2016-3963
CVE-2016-3963
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
Source: CVE-2016-3963
CVE-2016-2513 (django)
CVE-2016-2513 (django)
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Source: CVE-2016-2513 (django)
CVE-2016-2513
CVE-2016-2513
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Source: CVE-2016-2513
CVE-2016-2512 (django)
CVE-2016-2512 (django)
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://[email protected].
Source: CVE-2016-2512 (django)
CVE-2016-2512
CVE-2016-2512
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://[email protected].
Source: CVE-2016-2512
CVE-2016-2381
CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Source: CVE-2016-2381
CVE-2016-1375
CVE-2016-1375
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339.
Source: CVE-2016-1375
CVE-2016-1180
CVE-2016-1180
Cross-site scripting (XSS) vulnerability in the Social-button Premium plugin 1.0 for Cyber-Will EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-1180
CVE-2015-5969
CVE-2015-5969
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.
Source: CVE-2015-5969