14 matches found
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)
Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated); Exploit Author: Darren Martyn; Vendor Homepage: https://www.home-assistant.io/; Version: SMA 8.0.0.4; Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...
IBM MQ 8.0 <= 8.0.0.4 (281073)
The version of IBM MQ Server running on the remote host is affected by a vulnerability. IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program...
Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearCase (CVE-2015-0159 and CVE-2014-6221)
Summary GSKit is an IBM component that is used by IBM Rational ClearCase. The GSKit that is shipped with IBM Rational ClearCase contains multiple security vulnerabilities. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-6221 DESCRIPTION: Random Data...
Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)
Summary Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL, that is present in the Windows search path, could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...
Security Bulletin: Apache Commons FileUpload vulnerability affects IBM WebSphere MQ Managed File Transfer (CVE-2013-0248)
Summary A vulnerability in Apache Commons FileUpload component potentially affects IBM WebSphere MQ Managed File Transfer. Vulnerability Details CVEID: CVE-2013-0248 DESCRIPTION: Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created...
Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing...
Security Bulletin: IBM MQ Appliance potentially vulnerable to remote servlet spoof attack (CVE-2015-4938)
Summary A potential remote servlet spoof attack vulnerability was addressed by IBM MQ Appliance. Vulnerability Details CVEID: CVE-2015-4938 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof a servlet. An attacker could exploit this vulnerability to persuade the...
Security Bulletin: Vulnerability in OpenSSL affects IBM MQ Appliance (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM MQ Appliance uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing...
Security Bulletin: Vulnerabilities in GSKit affect IBM MQ Appliance (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities in GSKit affect IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: An unspecified vulnerability in GSKit could allow a remote attacker to obtain sensitive information. CVSS Base Score: 3.7 CVSS...
EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2015-7462
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program...
CVE-2015-7462
IBM WebSphere MQ for IBM i 8.0.0.4 is affected. An administrator can run mqcertck from MQ trace output to reveal cleartext certificate-keystore passwords, exploiting local access to decrypt other MQ administrator passwords. The issue stems from the mqcertck tool introduced in MQ 8.0.0.4, enabling...
IBM MQ M2000 Appliance Information Disclosure Vulnerability
The IBM MQ M2000 Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. A security vulnerability exists in queue manager in IBM MQ M2000 Appliance versions prior to 8.0.0.4. A local attacker can exploit this vulnerability by leveraging the...
CVE-2015-7420
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421...