4195 matches found

OSV
added 2019/01/08 10:29 a.m. | 2 views

CVE-2019-5720

includes/db/class.reflinesdb.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the voidtransaction.php filterType parameter...

9.8 CVSS | 7.4 AI score | 0.01537 EPSS
Exploits: 1 | References: 1

Trellix
added 2019/01/08 12:0 a.m. | 10 views

Digging Up the Past: Windows Registry Forensics Revisited

ARCHIVED STORY Digging Up the Past: Windows Registry Forensics Revisited By David Via · Jan 08, 2019 Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. Th...

6.9 AI score
Exploits: 0

CERT
added 2019/01/04 12:0 a.m. | 76 views

Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

Overview The Microsoft Windows Kernel Transaction Manager KTM is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization 'Rac...

7.8 CVSS | 8.6 AI score | 0.04161 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2018/12/14 12:40 p.m. | 16 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871)

Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform v2.1.1 has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...

5.4 CVSS | 1.2 AI score | 0.00968 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/12/14 12:40 p.m. | 14 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime

Summary Financial Transaction Manager for Corporate Payment Services for Multi-Platform FTM CPS v2.1.1 has addressed the following vulnerability. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that has addressed the applicable CVEs. Vulnerability Details CVEID:...

6.8 CVSS | 2.2 AI score | 0.03392 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/12/12 6:45 p.m. | 26 views

Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime

Summary Financial Transaction Manager for ACH Services for Multi-Platform has addressed the following vulnerability. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or Version 8 that has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3180...

6.8 CVSS | 2.7 AI score | 0.03392 EPSS
Exploits: 0 | Affected Software: 1

The Hacker News
added 2018/12/12 8:48 a.m. | 173 views

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant th...

7.8 CVSS | 9.5 AI score | 0.0583 EPSS
Exploits: 0

Securelist
added 2018/12/12 8:0 a.m. | 574 views

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Executive summary In October 2018, our AEP Automatic Exploit Prevention systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. T...

7.2 CVSS | 0.2 AI score | 0.69833 EPSS
Exploits: 9

NVD
added 2018/12/06 2:29 p.m. | 17 views

CVE-2018-1871

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4 CVSS | 5.2 AI score | 0.00968 EPSS
Exploits: 0 | References: 3

OSV
added 2018/12/06 2:29 p.m. | 3 views

CVE-2018-1871

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4 CVSS | 5.4 AI score | 0.00968 EPSS
Exploits: 0 | References: 3

Prion
added 2018/12/06 2:29 p.m. | 12 views

Cross site scripting

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

3.5 CVSS | 5.2 AI score | 0.00968 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/12/06 2:0 p.m. | 47 views

CVE-2018-1871

CVE-2018-1871 is an XSS vulnerability in IBM Financial Transaction Manager family (Multi-Platform) affecting several 3.x line components. Affected are IBM FTM for Digital Payments on Multi-Platform versions 3.0.0.0, 3.0.2, and 3.0.5, with potential to embed arbitrary JavaScript in the Web UI and ...

5.4 CVSS | 5.2 AI score | 0.00968 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/12/06 2:0 p.m. | 16 views

CVE-2018-1871

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4 CVSS | 5.2 AI score | 0.00968 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2018/11/29 11:35 a.m. | 29 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by Financial Transaction Manager for Corporate Payment Services. Financial Transaction Manager for Corporate Payment Services FTM CPS has addressed the applicable CVEs. Vulnerability Details CVEID:...

7.8 CVSS | 0.8 AI score | 0.15934 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2018/11/29 12:0 a.m. | 39 views

Xen Project HLE Transaction 'XACQUIRE' DoS (XSA-282)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Only Intel based x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did...

6.5 CVSS | 7.1 AI score | 0.00454 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2018/11/26 10:30 a.m. | 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this...

8.3 CVSS | 0.5 AI score | 0.04676 EPSS
Exploits: 0 | Affected Software: 1

Packet Storm
added 2018/11/21 12:0 a.m. | 259 views

Governikus Autent SDK 3.8.1 Signature Bypass

An additional blog post has been published on this topic as well: English version: https://r.sec-consult.com/governikus German version: https://r.sec-consult.com/gov SEC Consult Vulnerability Lab Security Advisory ======================================================================= title:...

0.4 AI score
Exploits: 0

Prion
added 2018/11/13 8:29 p.m. | 15 views

Code injection

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

6.5 CVSS | 7 AI score | 0.01457 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/11/13 8:29 p.m. | 15 views

CVE-2018-2481

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

7.2 CVSS | 7 AI score | 0.01457 EPSS
Exploits: 0 | References: 3

OSV
added 2018/11/13 8:29 p.m. | 3 views

CVE-2018-2481

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

7.2 CVSS | 5.8 AI score | 0.01457 EPSS
Exploits: 0 | References: 3