News aggregator

CVE-2016-0345

National Vulnerability Database - Wed, 02/21/2018 - 11:29
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786.
Categories: Security News

CVE-2016-0348

National Vulnerability Database - Wed, 02/21/2018 - 11:29
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.
Categories: Security News

CVE-2016-0351

National Vulnerability Database - Wed, 02/21/2018 - 11:29
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890.
Categories: Security News
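A practitioner triaging a finding like the one above usually wants two things: a check that flags session cookies served without the Secure (and HttpOnly) attribute, and the corrected header to hand back to the application owner. The following is an added example written for this page, not IBM's code; the cookie name and values are constructed sample input, and it uses only the standard-library `http.cookies` parser.

```python
from http.cookies import SimpleCookie

# Attributes a session cookie sent over HTTPS should always carry.
REQUIRED_FLAGS = ("secure", "httponly")


def audit_set_cookie(header_value):
    """Parse one Set-Cookie header value and return {name: [missing flags]}.

    SimpleCookie leaves an unset flag as "" on the morsel, so a falsy
    lookup means the attribute was absent from the header.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        report[name] = [flag for flag in REQUIRED_FLAGS if not morsel[flag]]
    return report


def harden_set_cookie(header_value):
    """Return the same cookie(s) re-serialised with Secure and HttpOnly set."""
    jar = SimpleCookie()
    jar.load(header_value)
    for morsel in jar.values():
        morsel["secure"] = True
        morsel["httponly"] = True
    # One Set-Cookie header value per cookie; attributes are emitted sorted.
    return [morsel.OutputString() for morsel in jar.values()]


if __name__ == "__main__":
    # Constructed sample: the weak header (HttpOnly but no Secure) and its fix.
    weak = "JSESSIONID=0000abc; Path=/; HttpOnly"
    print(audit_set_cookie(weak))       # {'JSESSIONID': ['secure']}
    print(harden_set_cookie(weak))      # ['JSESSIONID=0000abc; HttpOnly; Path=/; Secure']
```

The check only inspects header syntax; it cannot tell whether the application actually honours the flag on every endpoint, so run it against the Set-Cookie headers captured from a real HTTPS login rather than against documentation.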

CVE-2016-0366

National Vulnerability Database - Wed, 02/21/2018 - 11:29
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.
Categories: Security News

CVE-2016-0367

National Vulnerability Database - Wed, 02/21/2018 - 11:29
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072.
Categories: Security News

CVE-2016-0369

National Vulnerability Database - Wed, 02/21/2018 - 11:29
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088.
Categories: Security News
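The information disclosure above is the classic XXE pattern: a document declares an external entity pointing at a file and the parser splices that file's contents into the parsed result. The block below is an added example written for this page, not IBM's code. It uses Python's standard `xml.parsers.expat` directly, with a deliberately naive entity resolver on the vulnerable side and a resolver that refuses every external entity on the hardened side; the secret file and the document that names it are constructed inline.

```python
import os
import tempfile
import xml.parsers.expat as expat


def parse_untrusted_unsafe(xml_bytes):
    """Vulnerable: resolves whatever external entity the document declares."""
    parser = expat.ParserCreate()
    text = []

    def resolve_external(context, base, system_id, public_id):
        # Opens the path the attacker named and parses it as part of the
        # document: the file's bytes land in the output. This is the XXE bug.
        with open(system_id, "rb") as fh:
            payload = fh.read()
        child = parser.ExternalEntityParserCreate(context)
        child.CharacterDataHandler = text.append
        child.Parse(payload, True)
        return 1

    parser.CharacterDataHandler = text.append
    parser.ExternalEntityRefHandler = resolve_external
    parser.Parse(xml_bytes, True)
    return "".join(text)


def parse_untrusted_safe(xml_bytes):
    """Hardened: reject every external entity reference so parsing fails closed."""
    parser = expat.ParserCreate()
    text = []
    parser.CharacterDataHandler = text.append
    # Returning 0 makes expat abort with "error in processing external entity
    # reference" instead of silently skipping or resolving the entity.
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 0
    parser.Parse(xml_bytes, True)
    return "".join(text)


def demo():
    """Constructed fixture: a secret on disk and a crafted document that names it."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as fh:
            fh.write("db_password=hunter2")
        doc = (
            '<?xml version="1.0"?>\n'
            '<!DOCTYPE form [<!ENTITY xxe SYSTEM "%s">]>\n'
            "<form><field>&xxe;</field></form>" % secret_path
        ).encode()
        leaked = parse_untrusted_unsafe(doc)
        try:
            parse_untrusted_safe(doc)
            blocked = False
        except expat.ExpatError:
            blocked = True
    return {"leaked": leaked, "blocked": blocked}


if __name__ == "__main__":
    print(demo())   # {'leaked': 'db_password=hunter2', 'blocked': True}
```

Refusing external entities at the resolver is the minimum; in a real service also reject DOCTYPE declarations outright (or use the `defusedxml` package), because parameter entities and out-of-band channels give an attacker other ways to exfiltrate data once a DTD is accepted.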

CVE-2013-0267

National Vulnerability Database - Wed, 02/21/2018 - 10:29
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
Categories: Security News

CVE-2015-0203

National Vulnerability Database - Wed, 02/21/2018 - 10:29
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
Categories: Security News

CVE-2015-6569

National Vulnerability Database - Wed, 02/21/2018 - 10:29
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.
Categories: Security News

CVE-2018-5716

National Vulnerability Database - Wed, 02/21/2018 - 10:29
An issue was discovered in Reprise License Manager 11.0. It is a path traversal: by changing a field in the web request, an attacker can read files on the server's filesystem. Specifically, supplying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI returns the contents of that file.
Categories: Security News
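The bug class above is worth seeing side by side with its fix. The following is an added example written for this page and is not Reprise's code; the handler functions and the log directory layout are hypothetical, chosen to mirror a request that posts `lf=<pathname>` to `goform/edit_lf_get_data`. The vulnerable form joins the client-supplied name onto the log directory; the hardened form canonicalises the result and refuses anything that lands outside that directory.

```python
import os
import tempfile


def read_lf_unsafe(base_dir, lf):
    """Vulnerable: the client-supplied "lf" is joined straight onto base_dir.

    A relative "../" walks out of base_dir, and an absolute lf makes
    os.path.join discard base_dir entirely, so any readable file is exposed.
    """
    with open(os.path.join(base_dir, lf)) as fh:
        return fh.read()


def read_lf_safe(base_dir, lf):
    """Hardened: canonicalise (symlinks included) and confine to base_dir."""
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, lf))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("lf escapes the log directory: %r" % (lf,))
    with open(target) as fh:
        return fh.read()


def _rejected(base_dir, lf):
    """True if the hardened reader refuses this lf value."""
    try:
        read_lf_safe(base_dir, lf)
    except PermissionError:
        return True
    return False


def demo():
    """Constructed fixture: a log dir with one file and a 'secret' one level up."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        logs = os.path.join(tmp, "logs")
        os.mkdir(logs)
        with open(os.path.join(logs, "rlm.log"), "w") as fh:
            fh.write("license checkout ok\n")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("TOP SECRET\n")

        # Both traversal styles succeed against the unchecked reader.
        results["unsafe_relative"] = read_lf_unsafe(logs, "../secret.txt")
        results["unsafe_absolute"] = read_lf_unsafe(logs, secret)
        # The hardened reader still serves legitimate names...
        results["safe_legit"] = read_lf_safe(logs, "rlm.log")
        # ...and refuses both probes.
        results["safe_rejects"] = all(_rejected(logs, p) for p in ("../secret.txt", secret))
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check must run on the resolved path, not on the raw string: blocklisting `..` misses absolute paths, URL-encoded variants and symlinks, while `realpath` plus `commonpath` handles all of them.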

CVE-2018-7260

National Vulnerability Database - Wed, 02/21/2018 - 10:29
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Categories: Security News

CVE-2018-1164

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.
Categories: Security News

CVE-2018-1165

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.
Categories: Security News

CVE-2018-1166

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from a failure to validate that an object exists before performing operations on it. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.
Categories: Security News

CVE-2018-1168

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
Categories: Security News

Vuln: Cisco Jabber CVE-2018-0201 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00
Cisco Jabber CVE-2018-0201 Cross Site Scripting Vulnerability
Categories: Security News

Vuln: Atlassian Floodlight Controller CVE-2015-6569 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00
Atlassian Floodlight Controller CVE-2015-6569 Denial of Service Vulnerability
Categories: Security News

Vuln: Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00
Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities
Categories: Security News

Vuln: Cisco Elastic Services Controller CVE-2018-0130 Unauthorized Access Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00
Cisco Elastic Services Controller CVE-2018-0130 Unauthorized Access Vulnerability
Categories: Security News

Vuln: Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00
Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities
Categories: Security News
