15 matches found
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to Jetty
Summary A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory. IBM Sterling Secure Proxy...
EUVD-2014-3032
Malware in sbrugna...
WordPress Uncanny Groups for LearnDash plugin <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add vulnerability
Missing Authorization to Authenticated (Group Leader+) User Group Add vulnerability discovered by Karl Emil Nikka in WordPress Plugin Uncanny Groups for LearnDash versions <= 6.1.0.1...
WordPress plugin Uncanny Groups for LearnDash security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38964 · WordPress · Uncanny Groups For Learndash
Name of the Vulnerable Software and Affected Versions: The Uncanny Groups for LearnDash plugin for WordPress versions up to, and including, 6.1.0.1 Description: The issue arises from the plugin's failure to properly restrict what users a group leader can edit. This allows authenticated attackers...
CVE-2023-50874 WordPress Ajax Load More Plugin <= 6.1.0.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1...
Security Bulletin: Deserialization Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4728)
Summary IBM Sterling B2B Integrator has addressed the deserialization vulnerability. Vulnerability Details CVEID: CVE-2019-4728 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrust...
Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4761)
Summary IBM Sterling B2B Integrator has addressed an information disclosure security vulnerability. Vulnerability Details CVEID: CVE-2020-4761 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information when a detailed technical error...
CVE-2022-1461
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1...
CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1...
IBM Sterling File Gateway Denial of Service Vulnerability
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners. IBM Sterling File Gateway versions 2.2.0.0-5.2.6.53, 6.0.0.0-6.0.0.6, 6.0.1.0-6.0.3.4, and 6.1.0.0-6.1.0.1...
Security Bulletin: Session Fixation Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20473)
Summary IBM Sterling File Gateway has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-20473 DESCRIPTION: IBM Sterling File Gateway User Interface does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 before IF4 is affected by CVE-2014-3011. The vulnerability allows remote attackers to perform link injection via unspecified vectors, with network access, low attack complexity, no authentication required, and potential partial integrity impact (I). No specific ...
CVE-2013-6305
CVE-2013-6305 affects IBM Platform Symphony 5.2 (before build 229037) and 6.1.0.1 (before build 229073). The root cause is reuse of the same credentials encryption key across different customers’ installations, enabling context-dependent attackers to obtain sensitive information by leveraging kno...
Null pointer dereference
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)...