CVE-2016-6231
Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
Source: CVE-2016-6231
[월:] 2016년 08월
CVE-2016-4069 (leap, webmail)
CVE-2016-4069 (leap, webmail)
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Source: CVE-2016-4069 (leap, webmail)
CVE-2016-4069
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Source: CVE-2016-4069
CVE-2016-7089 (rapidstream)
CVE-2016-7089 (rapidstream)
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
Source: CVE-2016-7089 (rapidstream)
CVE-2016-7089
CVE-2016-7089
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
Source: CVE-2016-7089
CVE-2016-6909 (fortios, fortiswitch)
CVE-2016-6909 (fortios, fortiswitch)
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
CVE-2016-5812 (oncell_g3001_firmware, oncell_g3100v2_firmware)
CVE-2016-5812 (oncell_g3001_firmware, oncell_g3100v2_firmware)
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
Source: CVE-2016-5812 (oncell_g3001_firmware, oncell_g3100v2_firmware)
CVE-2016-5799 (oncell_g3001_firmware, oncell_g3100v2_firmware)
CVE-2016-5799 (oncell_g3001_firmware, oncell_g3100v2_firmware)
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Source: CVE-2016-5799 (oncell_g3001_firmware, oncell_g3100v2_firmware)
CVE-2016-5799
CVE-2016-5799
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Source: CVE-2016-5799
CVE-2016-5812
CVE-2016-5812
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
Source: CVE-2016-5812