Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 28225 of 28407

CVE-2016-8602

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls...

CVE-2016-4890

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generationg cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

CVE-2016-4455

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by...

CVE-2016-6489

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-4888

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Author: Cyberthreat Blog

CVE-2016-8602

CVE-2016-4890

CVE-2016-4455

CVE-2016-6489

CVE-2016-4888