CVE-2012-4519

Zenphoto prior to 1.4.3.4 contains a cross-site scripting (XSS) vulnerability in the admin-news-articles.php date parameter. The issue allows injection of scripts in the admin interface. Root cause: improper handling of the date parameter leading to XSS. Impact is limited to compromising admin co...

Security Bulletin: User information can appear in the system audit log on the IBM SONAS (CVE-2014-3077)

Summary A fix is available for the IBM SONAS, for the security issue that user information is displayed in system audit log Vulnerability Details CVEID: CVE-2014-3077 DESCRIPTION: Under some circumstances, user details appear in the system log. An attacker could exploit this vulnerability to gain...

Security Bulletin: Apache Tomcat security vulnerability issues on IBM SONAS (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Summary IBM SONAS is shipped with Apache Tomcat, for which fixes are available for five security vulnerabilities. Vulnerability Details CVEID: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 DESCRIPTION: Apache Tomcat is used in IBM SONAS for providing graphical user interface for the...

Security Bulletin: Password provided for executing chkauth is logged in audit log on IBM Storwize V7000 Unified (CVE-2014-3077)

Summary A fix is available for IBM Storwize V7000 Unified, for the security issue that Password provided for executing chkauth is logged in audit log Vulnerability Details CVEID: CVE-2014-3077 DESCRIPTION: Under some circumstances, user details appear in the system audit log. An attacker could...