4195 matches found
CVE-2019-5720
includes/db/class.reflinesdb.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the voidtransaction.php filterType parameter...
Digging Up the Past: Windows Registry Forensics Revisited
ARCHIVED STORY Digging Up the Past: Windows Registry Forensics Revisited By David Via · Jan 08, 2019 Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. Th...
Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition
Overview The Microsoft Windows Kernel Transaction Manager KTM is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization 'Rac...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871)
Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform v2.1.1 has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime
Summary Financial Transaction Manager for Corporate Payment Services for Multi-Platform FTM CPS v2.1.1 has addressed the following vulnerability. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime
Summary Financial Transaction Manager for ACH Services for Multi-Platform has addressed the following vulnerability. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or Version 8 that has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3180...
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant th...
Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
Executive summary In October 2018, our AEP Automatic Exploit Prevention systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. T...
CVE-2018-1871
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2018-1871
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Cross site scripting
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2018-1871
CVE-2018-1871 is an XSS vulnerability in IBM Financial Transaction Manager family (Multi-Platform) affecting several 3.x line components. Affected are IBM FTM for Digital Payments on Multi-Platform versions 3.0.0.0, 3.0.2, and 3.0.5, with potential to embed arbitrary JavaScript in the Web UI and ...
CVE-2018-1871
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by Financial Transaction Manager for Corporate Payment Services. Financial Transaction Manager for Corporate Payment Services FTM CPS has addressed the applicable CVEs. Vulnerability Details CVEID:...
Xen Project HLE Transaction 'XACQUIRE' DoS (XSA-282)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Only Intel based x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this...
Governikus Autent SDK 3.8.1 Signature Bypass
An additional blog post has been published on this topic as well: English version: https://r.sec-consult.com/governikus German version: https://r.sec-consult.com/gov SEC Consult Vulnerability Lab Security Advisory ======================================================================= title:...
Code injection
In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...
CVE-2018-2481
In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...
CVE-2018-2481
In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...