4929 matches found
Atlassian Crucible Server 3.9.x < 3.9.2 Multiple Vulnerabilities
Splunk Enterprise Multiple Vulnerabilities (Nov 2016)
Splunk Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...
VMware vRealize Operations REST API Deserialization Vulnerability (VMSA-2016-0020)
VMware vRealize Operations is prone to a deserialization vulnerability in its REST API implementation...
VMSA-2016-0020: vRealize Operations update addresses REST API deserialization vulnerability
VMware Security Advisory. Advisory ID: VMSA-2016-0020. Severity: Important. Synopsis: vRealize Operations update addresses REST API...
Spring Data JPA Blind SQL Injection Vulnerability
PoC for blind SQL injection bug found in Solita Webhack 2016. Founders: Niklas Särökaari, Joona Immonen Analysis: Arto Santala, Niklas Särökaari, Joona Immonen, Antti Virtanen, Michael Holopainen PoC: Antti Ahola, Antti Virtanen CVE: https://pivotal.io/security/cve-2016-6652 This has been fixed i...
Atlassian JIRA 6.4.x < 6.4.10 CSRF / XSRF (Bar Mitzvah)
Atlassian JIRA 6.4.x < 6.4.9 Multiple Vulnerabilities
Censys Search
The module uses the Censys REST API to access the same data accessible through the web interface. The search endpoint allows queries using the Censys Search Language against the Hosts dataset. Setting the CERTIFICATES option will also retrieve the certificate details for each relevant service by...
Empty REST API result return for User without Browse Users permission
h3. Summary User A, who does not have permission to Browse Users but has Administrator and/or System Administrator, will have the REST API result return empty. As an example of the JSON data returned: h3. Steps to Reproduce Create User A Gives User A permission to Administrato...
RHEL 7 : org.ovirt.engine-root (RHSA-2016:1967)
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 6 : Virtualization Manager (RHSA-2016:1929)
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) via REST API
The WooCommerce WordPress plugin was affected by a Stored Cross Site Scripting XSS via REST API security vulnerability...
IBM WebSphere Portal Information Disclosure Vulnerability
IBM WebSphere Portal is prone to an information disclosure vulnerability...
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF19 PI51395 and PI53426 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF19 with interim fixes PI51395 and PI53426. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Portal AccessControl REST API that allows an...
JSON export doesn't differentiate public from internal comments
h4. +Summary+ Currently, when exporting a SD request to JSON format, it's not possible to tell which comment is internal or public from the JSON file. h4. +Steps to reproduce+ Go to Manage add-ons - All add-ons - jira-importers-plugin - Enable JSON export Create an SD request and add one internal...
Docker Engine Detection (HTTP REST API)
HTTP REST API based detection of Docker Engine...
CVE-2016-2923
IBM WebSphere Application Server WAS 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...