Input validation
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file...
Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. These issues were disclosed as part of the IBM...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that are used by IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections. These...
Security Bulletin: IBM Content Collector for Emails, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode library
Summary IBM Content Collector for Emails, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and Content Collector for IBM Connections are affected by the following vulnerabilities present in the International Components for Unicode (ICU) library. ICU is vulnerable to a stack-bas...
Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for File Systems
Summary Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system...
Security Bulletin: OpenSource Apache Struts vulnerabilities in IBM Content Collector for File Systems
Summary Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code...
Security Bulletin: GSKit Sweet32: Birthday attacks in IBM Content Collector for File Systems
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect IBM Content Collector for File Systems
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that are used by Content Collector for File Systems. Vulnerability Details CVEID: CVE-2016-5582 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded relat...
Input validation
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...
Information Exposure on Case Insensitive File Systems
Overview Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later. References - HackerOne Report - GitHub Advisory...
DLINK DCS-5020L wireless cloud camera remote code execution vulnerability analysis
This article mainly demonstrates how to find vulnerabilities in IoT devices. Finding the following command injection can be divided into 3 steps, somewhat similar to a 100-point CTF challenge: download the binary file, run strings, trace the system calls to the origin of...
May 8, 2018—KB4103715 (Security-only update)
May 8, 2018—KB4103715 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may cause an error when connecting to a Remote Desktop server. F...
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...
February 13, 2018—KB4074589 (Security-only update)
February 13, 2018—KB4074589 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows Graphics, Windows Kernel, Common Log File System drive...
February 13, 2018—KB4074587 (Security-only update)
February 13, 2018—KB4074587 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows Graphics, Windows Kernel, Common Log File System drive...
[SECURITY] Fedora 25 Update: fedora-arm-installer-2.1-1.fc25
Allows one to first select a source image local or remote. The image must be a binary file containing: MBR + Partitions + File Systems + Data. A destination block device should then be selected for final installation...
[SECURITY] Fedora 26 Update: fedora-arm-installer-2.1-1.fc26
Allows one to first select a source image local or remote. The image must be a binary file containing: MBR + Partitions + File Systems + Data. A destination block device should then be selected for final installation...
Joyent SmartOS Hyprlofs FS IOCTL Native File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9033)
Summary An exploitable buffer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...