
1614 matches found

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 26 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485)

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in July 2016. These may affect some configurations of IBM WebSphere Application Server Full Profile,...

CVSS 2.9 | AI score 0.5 | EPSS 0.00453
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 15 views

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java Technology Edition, Version 8.0 affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details The IBM Development Package for Apache Spark ...

AI score 3.2
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:3 a.m. | 47 views

Security Bulletin: IBM MQIPT is affected by multiple vulnerabilities in IBM SDK, Java™ Technology Edition, Version 7 (CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204, CVE-2015-2613, CVE-2015-2601, CVE-2015-1931, CVE-2015-2625)

Summary Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM WebSphere MQ Internet Pass-Thru MQIPT. Patches for these are available in IBM SDK, Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 10 7.0.9.10 Vulnerability Details CVEID:...

CVSS 5.5 | AI score 0.8 | EPSS 0.98685
Exploits: 0 | Affected Software: 1
Prion
added 2018/06/12 5:29 p.m. | 18 views

Design/Logic Flaw

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability...

CVSS 4 | AI score 8.4 | EPSS 0.01141
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/06/12 5:29 p.m. | 25 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability...

CVSS 8.8 | AI score 8.5 | EPSS 0.01141
Exploits: 0 | References: 1
OSV
added 2018/06/12 5:29 p.m. | 4 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability...

CVSS 8.8 | AI score 5.7 | EPSS 0.01141
Exploits: 0 | References: 1
Cvelist
added 2018/06/12 5:0 p.m. | 18 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability...

AI score 8.5 | EPSS 0.01141
Exploits: 0 | References: 1
CVE
added 2018/06/12 5:0 p.m. | 51 views

CVE-2018-10509

Trend Micro OfficeScan 11.0 SP1 and XG are affected by CVE-2018-10509 via a Browser Refresh attack. An AD-logged-on attacker can exploit the vulnerability. Root cause described in CNVD as improper validation of user-supplied data length before buffer initialization (possible kernel privileges esc...

CVSS 8.8 | AI score 8.4 | EPSS 0.01141
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2018/06/12 6:56 a.m. | 20 views

Monero: Misreporting of received amount by show_transfers

Summary: A sender may cause show_transfers to report a higher amount than was actually sent on the recipient's show_transfers output. Description: Due to a flaw in process_new_transaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and a...

AI score 6.9
Exploits: 0
Prion
added 2018/06/01 7:29 p.m. | 13 views

Design/Logic Flaw

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVSS 2.1 | AI score 6.6 | EPSS 0.00521
Exploits: 1 | References: 2 | Affected Software: 1
Exploit DB
added 2018/05/29 12:0 a.m. | 45 views

MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting

Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...

CVSS 6.1 | AI score 6.3 | EPSS 0.02444
Exploits: 6
OSV
added 2018/05/17 11:35 a.m. | 10 views

OPENSUSE-SU-2018:1329-1 Security update for enigmail

This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget...

CVSS 5.9 | AI score 6 | EPSS 0.05572
Exploits: 3 | References: 5
OSV
added 2018/05/17 11:35 a.m. | 5 views

OPENSUSE-SU-2018:1330-1 Security update for enigmail

This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget...

CVSS 5.9 | AI score 6 | EPSS 0.05572
Exploits: 3 | References: 5
Citrix
added 2018/05/11 12:0 a.m. | 10 views

FAQ: Citrix Secure Mail APNS for IT Admins

This article provides answers to frequently asked questions on Citrix Secure Mail APNS for IT Admins. For more information on Push Notifications for Secure Mail, refer to Citrix Documentation - Rich Push Notifications for Secure Mail for iOS. General Overview Q1: Why does Secure Mail for iOS require...

AI score 5.7
Exploits: 0
CNVD
added 2018/03/21 12:0 a.m. | 6 views

Cloud Controller, cf-deployment and cf-release authentication vulnerabilities

Cloud Foundry is an open source Platform-as-a-Service (PaaS) cloud computing platform from the Cloud Foundry Foundation in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of CF...

CVSS 8.8 | AI score 6.7 | EPSS 0.0099
Exploits: 0 | References: 1
OSV
added 2018/03/19 6:29 p.m. | 23 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVSS 8.8 | AI score 8.9 | EPSS 0.0099
Exploits: 0 | References: 1
Prion
added 2018/03/19 6:29 p.m. | 25 views

Improper access control

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVSS 6.5 | AI score 8.7 | EPSS 0.0099
Exploits: 0 | References: 1 | Affected Software: 3
Cvelist
added 2018/03/19 6:0 p.m. | 25 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

AI score 8.8 | EPSS 0.0099
Exploits: 0 | References: 1
OSV
added 2018/02/17 7:29 a.m. | 4 views

CVE-2018-5983

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request...

CVSS 9.8 | AI score 5.8 | EPSS 0.02703
Exploits: 5 | References: 1
Hacker One
added 2018/02/10 7:34 p.m. | 25 views

Semrush: [oauth token leak] at oauth.semrush.com

Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1 Create following html at attacker.com/postmessage.html function listenerevent alertJSON.stringifyevent.data; var dest =...

AI score 6.2
Exploits: 0