Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2015-0226)

Abstract IBM WebSphere Application Server v7.0 is shipped as a component of IBM Integrated Information Core. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Content Please consult the security bulletin Security...

Security Bulletin: IBM Sterling Order Management - Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

WordPress plugin Download Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

Security Bulletin: IBM Sterling Control Center Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core

Abstract WebSphere Application Server is shipped as a component of IBM Integrated Information Core. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Content Vulnerability Details Please consult the security bulletin...

Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467)

Abstract IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System IEHS. This vulnerability could allow a remote attacker to obtain the source code of the Help System. Content VULNERABILITY DETAILS: CVEID: CVE-2013-0467 DESCRIPTION: IBM Security...

Security Bulletin: IBM Support Assistant Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java™ API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Meet Prachi Shah, Senior Service Architect

Senior Service Architect Prachi Shah discusses how customer feedback plays a crucial role in product development at Akamai...

Malicious Package

Overview duckduckgo-privacy-extension is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

Friday Squid Blogging: Mayfly Squid

This is surprisingly funny. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

Cross site scripting

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

SuiteCRM authenticated SQL injection in export functionality

This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...

Malicious Package

Overview vscode-regexp-languagedetection is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

Malicious Package

Overview pages-plugins-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious Package

Overview medtimeline is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview middleware-bucket-endpoint is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious Package

Overview intergalactic-documentation is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...