Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection.
Summary Atlas eDiscovery Process Management has addressed a vulnerability due to SQL injection, where a remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Vulnerability Details CVEID:...
Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to unsafe third-party links.
Summary Atlas eDiscovery Process Management has addressed the following vulnerability: An authenticated attacker could obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. The third-party links with target="blank" attribute and no rel="noopener noreferrer"...
Security Bulletin: OpenSource Apache Taglibs Vulnerability affects Atlas Policy Suite (CVE-2015-0254)
Summary Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. Vulnerability Details CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...
Multitor - A Tool That Lets You Create Multiple TOR Instances With A Load-Balancing
A tool that lets you create multiple TOR instances with traffic load-balanced between them by HAProxy. It provides a single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been...
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the...
Stack overflow
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro ProConOS v.4.01.280 firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547...
CVE-2018-5452
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro ProConOS v.4.01.280 firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547...
CVE-2018-5452
The CVE-2018-5452 vulnerability affects Emerson ControlWave Micro Process Automation Controller (ProConOS v.4.01.280; firmware CWM v.05.78.00 and earlier). It is a stack-based buffer overflow triggered by crafting packets to port 20547, which can cause the PLC to halt. Impact described includes p...
IBM Atlas eDiscovery Process Management Cross-Site Scripting Vulnerability
IBM Atlas eDiscovery Process Management helps attorneys, paralegals, and evidence supervisors rigorously and logically manage legal evidence retention workflows. A cross-site scripting vulnerability exists in IBM Atlas eDiscovery Process Management 6.0.3. The vulnerability can be exploited to emb...
CVE-2017-1354
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2017-1356
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683...
Information disclosure
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680...
CVE-2017-1354
The CVE-2017-1354 entry concerns IBM Atlas eDiscovery Process Management. A cross-site scripting (XSS) vulnerability affects Atlas eDiscovery Process Management 6.0.3 (specifically 6.0.3.0 to 6.0.3.5). The underlying issue allows an attacker to inject arbitrary JavaScript into the Web UI, potenti...
CVE-2017-1355
IBM Atlas eDiscovery Process Management stores sensitive information in URL parameters, enabling potential information disclosure via server logs, referrers, or browser history. Affected: 6.0.3 through 6.0.3.5. CVSS v3 base 3.7. Remediation: upgrade to 6.0.3 Fix Pack 6 (6.0.3 FP6).
CVE-2017-1356
Affected product: IBM Atlas eDiscovery Process Management. Vulnerability: SQL injection in versions 6.0.3 – 6.0.3.5 due to insufficient input filtering, enabling a remote attacker to view, add, modify, or delete data in the backend database. Root cause (as stated): vulnerability to SQL injection....
CVE-2017-1353
IBM Atlas eDiscovery Process Management 6.0.3–6.0.3.5 is vulnerable to an information-disclosure issue where an authenticated attacker could obtain sensitive data when a user clicks unsafe third-party links. The root cause is that links with target="_blank" and no rel="noopener noreferrer" grant ...
IBM Atlas eDiscovery Process Management SQL Injection Vulnerability
IBM Atlas eDiscovery Process Management is a product within the Information Lifecycle Governance solution from IBM USA that is used to help attorneys, paralegals, and evidence supervisors rigorously and logically manage legal evidence retention workflows. A SQL injection vulnerability exists in I...
IBM Atlas eDiscovery Process Management Information Disclosure Vulnerability
IBM Atlas eDiscovery Process Management is a product within the Information Lifecycle Governance solution from IBM USA that is used to help attorneys, paralegals, and evidence supervisors rigorously and logically manage legal evidence retention workflows. An information disclosure vulnerability...
Supervisor Remote Command Execution Vulnerability
Supervisor is a client/server system developed in Python that manages and monitors processes on UNIX-like operating systems. It can start and shut down multiple processes at the same time. A remote command execution vulnerability exists in Supervisor. It allows a remote user to execute arbitrary...