Nuvoton NPCT75x 信息泄露漏洞

Nuvoton NPCT75x is a series of Trusted Platform Module products from Nuvoton Japan. An information disclosure vulnerability exists in Nuvoton NPCT75x, which could allow an attacker to extract elliptic curve private keys by launching a side-channel attack against ECDSA. The following products and...

IBM Spectrum Symphony Information Disclosure Vulnerability

IBM Spectrum Symphony is a suite of enterprise-class management software for running compute- and data-intensive distributed applications on shared grids from IBM in the United States. A security vulnerability exists in IBM Spectrum Symphony versions 7.1.2 and 7.2.0.2. The vulnerability can be...

CVE-2018-1706

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341...

CVE-2018-1708

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343...

CVE-2018-1706

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting in the Web UI, allowing a user to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. CVSS v3 base score 5.4 (network, low complexity, user interaction required, privileges LOW; scope CHANGED...

Security Bulletin: Arbitrary URL Redirection (CVE-2018-1704) affects IBM Platform Symphony, IBM Spectrum Symphony

Summary Arbitrary URL Redirection CVE-2018-1704 affects IBM Platform Symphony, IBM Spectrum Symphony Vulnerability Details CVEID: CVE-2018-1704 DESCRIPTION: IBM Platform Symphony could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to...

CVE-2018-1595

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622...

Security Bulletin: Vertical authorization bypass vulnerability (CVE-2018-1613) affects IBM Platform Symphony, IBM Spectrum Symphony

Summary The vertical authorization bypass vulnerability affects the Symping utility in IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1, and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. Vulnerability Details CVEID: CVE-2018-1613 DESCRIPTION: IBM Platform Symphony and IBM Spectrum Symphony could allow a...

AIX 6.1 / 7.1 / 7.2.0.2 lsmcode Local Root

!/usr/bin/sh AIX lsmcode local root exploit. Affected: AIX 6.1/7.1/7.2.0.2 Blog post URL: https://rhinosecuritylabs.com/2016/11/03/unix-nostalgia-hunting-zeroday-vulnerabilities-ibm-aix/ lqueryroot.sh by @hxmonsegur 2016 //RSL ROOTSHELL=/tmp/shell-$od -N4 -tu /dev/random | awk 'NR==1 print $2 ' i...