
CVSS: 10.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."

References:
• http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html
• http://www.securityfocus.com/bid/63929
• http://www.securitytracker.com/id/1029398

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.9 | EPSS: 0% | CPEs: 34 | EXPL: 0

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

References:
• http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
• http://cr.yp.to/talks/2013.03.12/slides.pdf
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://marc.info/?l=bugtraq&m=143039468003789&w=2
• http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4
• http://security.gentoo.org/glsa/glsa-201406-19.xml
• http://www.isg.rhul.ac.uk/tls
• http://www.mozilla.org/security/announce/2013/mfsa2013&

CWE-326: Inadequate Encryption Strength

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
• http://jvn.jp/en/jp/JVN58439007/index.html
• http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000021.html
• http://secunia.com/advisories/40029
• http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html
• http://www.securityfocus.com/bid/40515

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.

References:
• http://jvn.jp/en/jp/JVN36925871/index.html
• http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000023.html
• http://secunia.com/advisories/40029
• http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html
• http://www.securityfocus.com/bid/40513

CWE-287: Improper Authentication

CVSS: 2.6 | EPSS: 0% | CPEs: 7 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.

References:
• http://jvn.jp/en/jp/JVN82465391/index.html
• http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html
• http://secunia.com/advisories/40029
• http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html
• http://www.securityfocus.com/bid/40517

CWE-352: Cross-Site Request Forgery (CSRF)