Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Advanced Message Security (CVE-2016-2177, CVE-2016-2178)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. IBM MQ Advanced Message Security has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177...

Security Bulletin: IBM WebSphere MQ Advanced Message Security for IBM i へのOpenSSLの脆弱性 (CVE-2016-2106, CVE-2016-2109)

Summary 2016年5月3日にOpenSSL Projectによって、OpenSSLの脆弱性が開示されました。 OpenSSLは、IBM WebSphere MQ Advanced Message Security for IBM iプラットフォームで使用されています。 IBM WebSphere MQは掲題のCVEに対処しました。 最新の情報については下記の文書（英語）をご参照ください。 Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ CVE-2016-2106, CVE-2016-210...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ. IBM WebSphere MQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2106 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ Advanced Message Security for IBM i, IBM WebSphere MQ Client for HP-NSS

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ Advanced Message Security for the IBM i platform, IBM WebSphere MQ HP-NSS and IBM WebSphere MQ Paho MQTT clients. IBM WebSphere MQ Advanced Message Security for the IBM i...

Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)

Summary There is a vulnerability in OpenSSL that is used by IBM WebSphere MQ - Advanced Message Security. This issue was disclosed on August 6, 2014 by the OpenSSL project. Vulnerability Details CVE-ID: CVE-2014-3508 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

Keeping your business and personal instant messages secure

Most people want to know their instant messages are securely wrapped up—whether that's for personal privacy or making sure online scammers can't grab the message content. If you're sending text on a sensitive topic, or perhaps some photo attachments intended for one person only, you definitely...

CVE-2017-1000054

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages...

IBM MQ 8.x < 8.0.0.3 Multiple Information Disclosure (credentialed check)

The version of IBM MQ formerly IBM WebSphere MQ 8.x installed on the remote Windows host is missing fix pack 8.0.0.3 or later. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Advanced Message Security policy when a JMS client application sends a message to the...

Atmail Webmail 7.2 - Multiple Vulnerabilities

Atmail Webmail 7.2 - Multiple Vulnerabilities Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET -...

Gnome Evolution 2.x GnuPG Arbitrary Content Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into...

miSecureMessages 4.0.1 - Session Management / Authentication Bypass

Affected Product ================================== miSecureMessages from Amtelco - Tested on version: Client=4.0.1 Server=6.2.4552.30017 iOS: https://itunes.apple.com/us/app/misecuremessages/id423957478?mt=8 android: https://play.google.com/store/apps/details?id=com.amtelco.secure website:...

CVE-2011-4601

familyfeedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service application crash via a crafted 1 AIM or 2 ICQ message associated with buddy-list addition...

Source Code of Crypo.com Available to Download !

Source Code of Crypo.com Available to Download ! The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available to download form a File sharing website. This Script will encrypt your messages using a strong encryption algorithm, and then your information will be...

MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities

Security Advisory: MVSA-10-001 Vendor: Google Service: Google Message Security SaaS powered by Postini - Message Center II Vulnerabilities: SQL Injection Risk: High Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-001...

MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities

Security Advisory: MVSA-10-002 Vendor: Google Service: Google Message Security SaaS powered by Postini - Security Console Admin Console - Message Center Classic - Message Center II Vulnerabilities: Multiple Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Authentication: Required...

Google Message Security SaaS multiple security vulnerabilities

Crossite scripting, SQL injection...

Google Message Security SaaS Cross Site Scripting

Security Advisory: MVSA-10-002 Vendor: Google Service: Google Message Security SaaS powered by Postini - Security Console Admin Console - Message Center Classic - Message Center II Vulnerabilities: Multiple Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Authentication: Required...

cups-lpr -- lppasswd multiple vulnerabilities

D. J. Bernstein reports that Bartlomiej Sieka has discovered several security vulnerabilities in lppasswd, which is part of CUPS. In the following excerpt from Bernstein's email, CVE names have been added for each issue: First, lppasswd blithely ignores write errors in fputsline,outfile at lines...

CVE-2004-1075

Cross-site scripting XSS vulnerability in standarderrormessage.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message...

CVE-2002-1307

Cross-site scripting vulnerability XSS in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...