5 matches found
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary: The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to a CRLF injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details: CVEID: CVE-2014-4803 A...
Security Bulletin: IBM Cúram Universal Access exposes caseworker usernames under specific circumstances. (CVE-2014-4843)
Summary: IBM Universal Access contains a page where internal caseworker usernames are exposed as part of a URL. This information could be used in subsequent attacks against that particular user, e.g. to cause account lockout. Vulnerability Details: CVE-2014-4843 CVSS Base Score: 4.3 CVSS Temporal...
CVE-2011-5169
CVE-2011-5169 affects SonicWall ViewPoint 6.0 SP2. The vulnerability is an SQL injection in sgms/reports/scheduledreports/configure/scheduleProps.jsp via the scheduleID parameter, allowing remote attackers to execute arbitrary SQL commands. Exploitation status and patch/remediation details are no...
SonicWall Viewpoint v6.0 SP2 - Multiple Web Vulnerabilities
Document Title: SonicWall Viewpoint v6.0 SP2 - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/getcontent.php?id=195 Release Date: 2011-09-27 Vulnerability Laboratory ID (VL-ID): ...
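Microsoft Internet Explorer Document.Domain Cross-Domain Same-Origin Override Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a same-origin policy bypass issue; a remote attacker can exploit the vulnerability to access other target domains or carry out content spoofing attacks. An attacker can trigger it by modifying the value of document.domain, building a malicious web page, and enticing a user to visit it. Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Citrix ICA Client for Windows 4.0...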