Security Bulletin: IBM® IBM Common Licensing using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary Vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. The following IBM® Engineering Lifecycle Management product is vulnerable to this attack, and addressed in this...
Security Bulletin: IBM Common Licensing is vulnerable to stored cross-site scripting in IBM LKS Administration Reporting Tool and its Agent.
Summary IBM LKS Administration Reporting Tool and its Agent are vulnerable to stored cross-site scripting. This has been addressed in the remediation section. Vulnerability Details CVEID: CVE-2024-41774 DESCRIPTION: IBM Common Licensing is vulnerable to stored cross-site scripting. This vulnerabili...
CVE-2022-36955
In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1...
Command injection
In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...
Void Aural Rec Monitor Information Disclosure Vulnerability
Void Aural Rec Monitor is an application from the Spanish company Void. Void Aural Rec Monitor in version 9.0.0.1 suffers from an information disclosure vulnerability that originates from the svc-login.php password being stored in an unencrypted source code text file, which can be exploited to ga...
Code injection
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...
CVE-2021-25899
Void Aural Rec Monitor 9.0.0.1 contains a SQL injection in svc-login.php (param1) exploitable via blind time-based requests. An unauthenticated attacker can trigger the vulnerability to potentially read data, modify data, and perform unauthorized administrative actions. No exploit details are pro...
Void Aural Rec Monitor Trust Management Issue Vulnerability
Void Aural Rec Monitor is an application from the Spanish company Void. Void Aural Rec Monitor in version 9.0.0.1 suffers from an information disclosure vulnerability that originates from the svc-login.php password being stored in an unencrypted source code text file, which can be exploited to ga...
Void Aural Rec Monitor SQL Injection Vulnerability
Void Aural Rec Monitor is an application from the Spanish company Void. Aural Rec Monitor version 9.0.0.1 suffers from a SQL injection vulnerability, which originates in svc-login.php, where an unauthenticated attacker sends a crafted HTTP request to perform a blind time-based SQL injection...
CVE-2020-24669
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...
IBM WebSphere MQ Denial of Service (CVE-2017-1117)
According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 7.5.0.x prior to 7.5.0.8, 8.0.0.x prior to 8.0.0.6, 9.0.x prior to 9.0.2 or 9.0.0.x prior to 9.0.0.1. It is, therefore, affected by a denial of service vulnerability. An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2015-7575, CVE-2016-0475)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, which are used by Rational Performance Tester. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as "SLOTH". Vulnerability...
Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
Summary Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Advanced Message Security (CVE-2016-2177, CVE-2016-2178)
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. IBM MQ Advanced Message Security has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177...
Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability
This host is installed with Rhino Software Serv-U and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbrhinosoftserv-usitesetdosvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability Authors: Sharath S...
Serv-U < 9.0.0.1
The installed version of Serv-U is earlier than 9.0.0.1 and as such is reportedly affected by the following issues: - Provided the 'SITE SET' command is enabled, an authorized user may be able to crash the remote FTP server by sending a specially crafted 'SITE SET TRANSFERPROGRESS ON' command. - An...