16 matches found
EUVD-2019-11282
Malware in sbrugna...
Security Bulletin: CVE-2015-7450 affects the desktop IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager
Summary: The following vulnerability in Apache Commons that affects the desktop IBM Process Designer has been addressed. Vulnerability Details: CVEID: CVE-2015-7450. DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and...
CVE-2019-20743
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS...
CVE-2019-20743
CVE-2019-20743 affects NETGEAR WAC510 devices running firmware before 8.0.1.3, where a stored XSS flaw exists in the web management interface. Multiple sources (NVD, Red Hat, CNVD) corroborate a cross-site scripting vulnerability that can lead to client-side code execution under certain condition...
LiveZilla Live Chat Elevation of Privilege Vulnerability
LiveZilla Live Chat is a free online customer service system from the German company LiveZilla. The system provides real-time monitoring of visitors, offline messages, GeoTracking map tracking, access statistics, online chat and other features. A security vulnerability exists in the 'name' functi...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
Design/Logic Flaw
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2019-5253
E5572-855 with versions earlier than 8.0.1.3H335SP1C233 has an improper authentication vulnerability. The device does not perform sufficient authentication when doing certain operations; a successful exploit could allow an attacker to cause the device to reboot after launching a man-in-the-middle...
CVE-2019-5253
Huawei E5572-855 devices with firmware versions earlier than 8.0.1.3 (H335SP1C233) have an improper authentication vulnerability. The device does not perform sufficient authentication for certain operations, and a successful exploit could cause a reboot after a man-in-the-middle attack. Connected...
CVE-2019-5253
E5572-855 with versions earlier than 8.0.1.3H335SP1C233 has an improper authentication vulnerability. The device does not perform sufficient authentication when doing certain operations; a successful exploit could allow an attacker to cause the device to reboot after launching a man-in-the-middle...
Huawei E5572-855 Authorization Issues Vulnerability
The Huawei E5572-855 is a portable wireless router device from Huawei China. An authorization issue vulnerability exists in Huawei E5572-855 prior to version 8.0.1.3 H335SP1C233, which can be exploited by an attacker to cause a device reboot by performing a man-in-the-middle attack...
Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1819)
Summary: IBM Security Access Manager for Mobile is affected by a denial of service vulnerability in libxml2. Vulnerability Details: CVEID: CVE-2015-1819. DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XM...
Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
Summary: Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL th...
IBM RBD Web Services Information Disclosure Vulnerability (Windows)
This host is installed with IBM Rational Business Developer and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmrationalbusideveloperinfodiscvulnwin.nasl 5366 2017-02-20 13:55:38Z cfi $ IBM RBD Web Services Information Disclosure Vulnerability Windows Authors:...