211 matches found
SAP Focused Run 安全漏洞
Designed for organizations that require extensive system and application monitoring, alerting and analysis, SAP Focused Run supports hosting all customers in a scalable, secure and automated environment. An improper authorization vulnerability exists in SAP Focused RUN versions 200 and 300. The...
Threat matrix for storage services
The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and...
Threat matrix for storage services
The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
traveldataservice.de Cross Site Scripting vulnerability OBB-1367697
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
The vulnerability of the Windows Spatial Data Service in Windows operating systems allows attackers to exploit their privileges.
The vulnerability of the Windows Spatial Data Service for Windows operating systems exists due to errors in object processing in memory. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
Microsoft Windows Spatial Data Service Spatial Data Service Privilege Elevation Vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft.Spatial Data Service is one of the spatial data service components. A security vulnerability exists in Spatial Data Service in Microsoft Windows 10 version 1903 that stems from a program not properly handling...
Windows Spatial Data Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Spatial Data Service improperly handles objects in memory. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. To exploit this vulnerability, an attacker would first...
Adobe ColdFusion RDS Authentication Bypass Vulnerability
Adobe ColdFusion is a dynamic Web server with CFML ColdFusion Markup Language, a programming language. An authentication bypass vulnerability exists in Adobe ColdFusion RDS, which arises from a lack of authentication measures or insufficient authentication strength in a networked system or produc...
The Rise of “Bulletproof” Residential Networks
Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called "bulletproof residentia...
Valve: WG call injection in /economy/contextcommand
The vulnerability involved insufficient parameter validation in context-specific commands to a web-facing gateway. This allowed some economy queries to be executed outside the actual requesters' capability by confusing the type system. Bypasses for initial fixes were also provided...
The vulnerability of the userprefs component in the software platform for collaborative development of SAP NetWeaver Development Infrastructure Cockpit allows a attacker to execute arbitrary code.
The vulnerability of the userprefs component /nwdicockpit/srv/data/ of the software development platform for SAP NetWeaver Development Infrastructure Cockpit is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2018 - Includes Oracle April 2018 CPU affects IBM InfoSphere Master Data Management
Summary IBM Initiate Master Data Service is vulnerable to Oracle Java SE and Java SE Embedded issues and could allow remote attackers to affect the confidentiality, integrity, and availability. Vulnerability Details CVEID: CVE-2018-2814 DESCRIPTION: An unspecified vulnerability related to the Jav...
The vulnerability of the Wireless Data Service module of the Qualcomm Data Services component in the Android operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Wireless Data Service module of the Qualcomm Data Services operating system in Android is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected informatio...
Security Bulletin: IBM Tealeaf Customer Experience internal connections not encrypted (CVE-2015-4961)
Summary Internal connections between IBM Tealeaf Customer Experience servers use unencrypted HTTP. Vulnerability Details CVEID: CVE-2015-4961 DESCRIPTION: In an IBM Tealeaf environment with multiple servers, connections to the Tealeaf Data Service, Search Service, Replay Service, and Tracking...
Security Bulletin: Mulitiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156)
Summary IBM Initiate Master Data Service is vulnerable to multiple Apache CXF issues and could allow remote attackers to steal a victim's cookie-based authentication credentials and read arbitrary files on the system. Vulnerability Details CVEID: CVE-2016-6812 DESCRIPTION: Apache CXF is vulnerabl...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2016-3426, CVE- 2016-3427)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM InfoSphere Master Data Management (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSL. OpenSSL is used by IBM InfoSphere Master Data Management. IBM InfoSphere Master Data Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protoc...
Security Bulletin: Multiple Vulnerabilities in IBM Initiate Master Data Service (CVE-2014-4789, CVE-2014-4788, CVE-2014-4787, CVE-2014-4786, CVE-2014-4785, CVE-2014-4784, CVE-2014-4783)
Summary Multiple Vulnerabilities discovered in web UI components of IBM Initiate Master Data Service. Vulnerability Details CVE-ID: CVE-2014-4789 DESCRIPTION: IBM Initiate Master Data Service could allow a remote attacker to hijack a valid user's session, caused by the failure to update the sessi...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...