
377 matches found

CNVD
added 2017/05/11 12:0 a.m., 4 views

RedHat JBoss BRMS and BPM Suite Cross-Site Scripting Vulnerability

RedHat JBoss BRMS is a comprehensive business process automation platform that integrates business rules management, business process management (BPM) and complex event processing (CEP) into a single open source solution. A cross-site scripting vulnerability exists in RedHat JBoss BRMS and BPM Suite...

CVSS 6.1, AI score 6.1, EPSS 0.00655
Exploits: 0, References: 1
CNVD
added 2017/05/11 12:0 a.m., 2 views

RedHat JBoss BRMS and BPM Suite HTML Injection Vulnerability

Red Hat JBoss BRMS is a comprehensive business process automation platform that integrates business rules management, business process management (BPM) and complex event processing (CEP) into a single open source solution. An HTML injection vulnerability exists in Red Hat JBoss BRMS and BPM Suite due...

CVSS 6.1, AI score 7.1, EPSS 0.00179
Exploits: 0, References: 1
OSV
added 2017/04/20 9:59 p.m., 2 views

CVE-2016-5401

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 1
RedHat Linux
added 2017/04/12 12:25 p.m., 3 views

util-linux: Sending SIGKILL to other processes with root privileges via su

A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

CVSS 5.5, AI score 7.3, EPSS 0.00061
Exploits: 0, References: 4
Tenable Nessus
added 2017/03/27 12:0 a.m., 135 views

CentOS 6 : coreutils (CESA-2017:0654)

An update for coreutils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.5, AI score 6, EPSS 0.00061
Exploits: 0, References: 2
CNVD
added 2017/03/22 12:0 a.m., 2 views

Red Hat JBoss BPMS Cross-Site Scripting Vulnerability

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A cross-site scripting vulnerability exists in R...

CVSS 6.1, AI score 6.8, EPSS 0.00365
Exploits: 0, References: 1
RedHat Linux
added 2017/03/21 8:33 a.m., 2 views

util-linux: Sending SIGKILL to other processes with root privileges via su

A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

CVSS 5.5, AI score 7.3, EPSS 0.00061
Exploits: 0, References: 4
OSV
added 2017/02/23 7:49 a.m., 3 views

SUSE-SU-2017:0553-1 Security update for util-linux

This update for util-linux fixes a number of bugs and two security issues. The following security bugs were fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition bsc988361 - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to select...

CVSS 5.5, AI score 5.5, EPSS 0.00143
Exploits: 0, References: 16
RedhatCVE
added 2017/02/22 8:48 a.m., 31 views

CVE-2017-2616

A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

CVSS 5.5, AI score 2.4, EPSS 0.00061
Exploits: 0, References: 1
RedHat Linux
added 2016/11/28 5:55 p.m., 3 views

Stored XSS in business process editor

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

CVSS 5.4, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 4
CNVD
added 2016/09/07 12:0 a.m., 1 view

Multiple HTML Injection Vulnerabilities in Red Hat JBoss BPMS

Red Hat JBoss BPMS is a business process management platform from Red Hat that combines all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation, and business process monitoring. Red Hat JBoss BPMS has multiple HTML injection vulnerabilities th...

CVSS 6.1, AI score 7.9, EPSS 0.00216
Exploits: 0, References: 1
CNVD
added 2016/09/01 12:0 a.m., 2 views

Red Hat JBoss BPMS Information Disclosure Vulnerability

Red Hat JBoss BPMS is a business process management platform from Red Hat that combines all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation, and business process monitoring. A remote information disclosure vulnerability exists in Red Hat...

CVSS 5.3, AI score 6.2, EPSS 0.00321
Exploits: 0, References: 1
OSV
added 2016/06/30 1:59 a.m., 2 views

CVE-2016-0349

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 3
Exploit DB
added 2016/05/09 12:0 a.m., 24 views

Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation

Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability Vendor: Certec EDV GmbH Product web page: http://www.atvise.com Affected version: 2.5.9 Summary: atvise scada is based on newest technologies and standards: The visualization in pure web technology as well as a consistent...

AI score 7.4
Exploits: 0
seebug.org
added 2016/01/12 12:0 a.m., 621 views

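Kingdee EAS System V7.5 /plt_iservice/service/findFavList.action Remote Command Execution Vulnerability

0x01 Framework introduction: The world's first enterprise management software to incorporate a TOGAF-standard SOA architecture, Kingdee EAS is aimed at large and medium-sized enterprises that urgently need to cross the growth chasm. Built on the product design concept of "creating boundaryless information flow", it is an integrated technology platform supporting cloud computing, SOA and dynamic process management. It comprehensively covers management areas such as enterprise strategic management, risk management, group financial management, strategic human resource management, cross-organization supply chain, multi-plant manufacturing and external industry chains; it breaks through complex manufacturing and industry-chain collaboration applications such as process manufacturing, project manufacturing, supplier collaboration and customer collaboration; and it achieves comprehensive business management, supports management innovation and development, helps enterprises respond nimbly to increasingly complex changes in the business environment, improves overall operational efficiency and maximizes benefits. Official homepage: www.kingdee.com 0x02 Vulnerability details...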

AI score 7.1
Exploits: 0
Kitploit
added 2015/10/16 7:12 p.m., 42 views

B374K - PHP Webshell with handy features

This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. Features : File manager view, edit, rename, delete, upload, download, archiver, etc Search file, file content,...

AI score 8.3
Exploits: 0, References: 1
Prion
added 2015/10/12 10:59 a.m., 13 views

Command injection

The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272...

CVSS 6.9, AI score 7, EPSS 0.00093
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2015/10/11 12:0 a.m., 3 views

Cisco TelePresence VCS Expressway Process Management Elevation of Privilege Vulnerability

Cisco TelePresence VCS Expressway is a video conferencing application. A security vulnerability in the Cisco TelePresence VCS Expressway process management code allows local users to exploit the vulnerability to execute arbitrary commands with ROOT privileges...

CVSS 6.9, AI score 7.5, EPSS 0.00093
Exploits: 0, References: 1
Cisco
added 2015/10/06 12:0 a.m., 26 views

Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability

A vulnerability in the process management code of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker...

CVSS 6.6, AI score 6.8, EPSS 0.00093
Exploits: 0, References: 1
Fedora
added 2015/08/18 5:18 a.m., 14 views

[SECURITY] Fedora 22 Update: uwsgi-2.0.11.1-1.fc22

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

AI score 7.1
Exploits: 0