Security Bulletin: Two vulnerabilities in WAS Liberty affect IBM Transformation Extender Advanced and IBM Standards Processing Engine (CVE-2016-0378 and CVE-2016-5986)

Summary Two vulnerabilities have been found in WAS Liberty, which is shipped in IBM Transforation Extender Advanced and IBM Standards Processing Engine. IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions...

Ellucian Banner Student Arbitrary Password Reset Vulnerability

Ellucian formerly known as SunGard Banner Student is a set of student information management system of the American Ellucian Company. The system has functions such as grade release, student attendance and student information statistics. A security vulnerability exists in Ellucian Banner Student...

Ellucian Banner Student Cross-Site Scripting Vulnerability

Ellucian formerly known as SunGard Banner Student is a set of student information management system of the American Ellucian Company. The system has functions such as grade release, student attendance and student information statistics. A cross-site scripting vulnerability exists in Ellucian Bann...

Ellucian Banner Student User Enumeration Vulnerability

Ellucian formerly known as SunGard Banner Student is a set of student information management system of the American Ellucian Company. The system has functions such as grade release, student attendance and student information statistics. A security vulnerability exists in Ellucian Banner Student...

CVE-2015-5054

Open redirect vulnerability in Ellucian formerly SunGard Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter...

CVE-2015-4687

CVE-2015-4687 corresponds to a Cross-Site Scripting (XSS) vulnerability in Ellucian Banner Student (formerly SunGard) version 8.5.1.2. The linked sources confirm an XSS flaw that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available records do ...

Information disclosure

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service daemon crash by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client...

CVE-2010-4546

CVE-2010-4546 affects IBM Lotus Notes Traveler prior to 8.5.1.2. The issue arises when handling an attachment download request for an e-mail message with a Prevent Copy attribute, where the system does not reject the request. This allows remote authenticated users to bypass intended access restri...

CVE-2010-4551

IBM Lotus Notes Traveler prior to 8.5.1.2 is affected: vulnerability arises when the Internet ID field in a person document is omitted, enabling remote authenticated users to trigger a NULL pointer dereference that crashes the Traveler daemon via Apple-device invitation acceptance/decline. Affect...