CVE-2016-4890
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by...
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.