Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
All posts by 007admin
CVE-2016-4319
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2016-4317
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVE-2016-4318
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVE-2016-5051
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.
CVE-2016-4320
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2016-4334
Jive before 2016.3.1 has an open redirect from the external-link.jspa page.
CVE-2015-8275
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.
CVE-2016-5054
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.
CVE-2016-5053
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.