Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 28226 of 28407

CVE-2016-6489

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-4888

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2017-7188

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.

CVE-2016-6299

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

CVE-2016-4889

Posted by Cyberthreat Blog | Apr 14, 2017 | CVE Notifications |

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.

Author: Cyberthreat Blog

CVE-2016-6489

CVE-2016-4888

CVE-2017-7188

CVE-2016-6299

CVE-2016-4889