CVE-2016-8534

A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found...

CVE-2016-8533

CVE-2016-8533 describes a remote privilege-escalation in HPE Matrix Operating Environment 7.6 (and SIM 7.6 per CNVD) that can be exploited over the network to raise privileges. CVSSv3 score is 8.8 HIGH (network, low privileges required, no user interaction). The root cause is not explicitly detai...

CVE-2016-8534

CVE-2016-8534 corresponds to a remote privilege-elevation vulnerability in HPE Matrix Operating Environment (MOE) 7.6; CNVD-2018-05101 also states SIM (Systems Insight Manager) 7.6 is affected. The vulnerability allows an attacker to elevate privileges on affected MOE/SIM installations. Documente...

CVE-2017-8972

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found...

CVE-2017-5784

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...

CVE-2016-8531

A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found...

CVE-2016-8532

Affected products: HPE Matrix Operating Environment Software (v7.6) and Systems Insight Manager (SIM) Software (v7.6). Vulnerability: Cross-site scripting in the web interface. Root cause / exploitability: XSS vulnerability that could allow a remote attacker to inject arbitrary Web script or HTML...

CVE-2017-5783

CVE-2017-5783 describes a remote clickjacking vulnerability affecting HPE Matrix Operating Environment (MEO) v7.6 (and SIM 7.6 per CNVD). The root cause involves a clickjacking weakness that could allow a remote attacker to hijack click-to-operate sessions. Exploit specifics, affected subcomponen...

CVE-2017-5784

CVE-2017-5784 : A missing HSTS header vulnerability affects Hewlett Packard Enterprise’s Matrix Operating Environment (MOE) version 7.6. The CVE entry notes HSTS misconfiguration as the underlying issue, with CVSS metrics indicating a Medium severity (CVSSv2 base 5.8, CVSSv3 base 6.5). Connected ...

CVE-2017-8970

CVE-2017-8970 affects HPE Matrix Operating Environment 7.6 LR1. The linked NVD entry documents a remote, unauthenticated information-disclosure vulnerability (network attack, low complexity) with partial confidentiality impact and no integrity/availability impact per CVSS metrics. No additional e...

CVE-2017-8973

An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found...

CVE-2017-8971

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found...

EZSA-2018-001 Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features...

DEBIAN-CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file...

Partner Perspectives: Red Canary ATT&CKs (Part 1): Why We’re Using ATT&CK Across Red Canary

Editor's Note: This blog originally appeared on RedCanary.com Information security is grounded in risk management. And, because what gets measured gets managed, we rely on a variety of frameworks and key performance indicators to tell us whether we’re moving in the right direction. Frameworks lik...

PHP Scripts Mall MLM Forced Matrix SQL Injection Vulnerability

PHP Scripts Mall MLM Forced Matrix is a set of PHP based online marketing website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall MLM Forced Matrix version 2.0.9. A remote attacker can exploit the vulnerability by sending the 'newid' parameter to the...

CVE-2017-17636

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...

CVE-2017-17636

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...

Sql injection

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...

CVE-2017-17636

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...