Vulnerabilities > 7PK - Security Features
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-20 | CVE-2016-1927 | 7PK - Security Features vulnerability in PHPmyadmin The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | 7.5 |
| 2016-02-18 | CVE-2015-8286 | 7PK - Security Features vulnerability in Zhuhai Raysharp Firmware Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | 9.8 |
| 2016-02-17 | CVE-2016-2398 | 7PK - Security Features vulnerability in Comcast Xfinity Home Security System Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. | 6.5 |
| 2016-02-17 | CVE-2016-2072 | 7PK - Security Features vulnerability in Citrix Netscaler The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.1 |
| 2016-02-16 | CVE-2015-7576 | 7PK - Security Features vulnerability in Rubyonrails Ruby on Rails The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | 3.7 |
| 2016-02-15 | CVE-2015-5010 | 7PK - Security Features vulnerability in IBM products IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
| 2016-02-10 | CVE-2016-0950 | 7PK - Security Features vulnerability in Adobe Connect Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | 5.3 |
| 2016-02-06 | CVE-2015-7914 | 7PK - Security Features vulnerability in Sauter Moduweb Vision 1.5.5 Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 8.1 |
| 2016-01-30 | CVE-2016-1140 | 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0 KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.1 |
| 2016-01-27 | CVE-2016-2047 | 7PK - Security Features vulnerability in multiple products The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | 5.9 |