Distributed Guessing Attack Reels in Payment Card Data
Academics at Newcastle University have proven that an attacker in possession of a minimal amount of existing information can, in an automated way, guess payment card data by exploiting weaknesses in online payment processes. The issue lies in the fact that the global payment system lacks a...
Threat Outbreak Alert RuleID26218: Email Messages Distributing Malicious Software on November 14, 2016
Medium Alert ID: 49704 First Published: 2016 November 15 15:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID26218 may contain the following files: Name |...
CVE-2016-6441
A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers ASR902, ASR90...
Kernel: powerpc: tm: crash via exec system call on PPC
A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec class system calls...
Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction...
Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
The Cisco ASR 900 Series are modular aggregation services routers. The Cisco ASR 900 has a security vulnerability in the Transaction Language 1 (TL1) code that could allow a remote attacker to cause a reload of the affected system and remotely execute arbitrary code...
CVE-2016-5920
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-3060
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-3060
IBM Financial Transaction Manager (FTM) exposes CVE-2016-3060 across multiple components (ACH, Check, CPS). The vulnerability allows remote authenticated attackers to hijack user click actions via a crafted site (clickjacking). Affected versions include FTM CPS v2.1.1.0–v2.1.1.3 and FTM 3.0.0.x u...
CVE-2016-5920
CVE-2016-5920 is an XSS in the Web UI of IBM Financial Transaction Manager (FTM) for ACH Services. The vulnerability affects FTM for ACH 3.0.0.x (before fp0015) and 3.0.1.0 (before iFix0002), enabling remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM’s...
LocalTapiola: Lahitapiola's customer names sent to 3rd party
Issue: The reporter found that a logged-on customer's real name, but no further personal information, could leak to a 3rd party site in certain transaction processes. Fix: The issue was investigated and found to be valid. Reasoning: The reported case was valid and although not a vulnerability as such, ...
CVE-2016-3341
The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Windows Transaction Manager Elevation of Privilege Vulnerability."...
Privilege escalation
The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Windows Transaction Manager Elevation of Privilege Vulnerability."...
Microsoft Transaction Manager Elevation of Privilege Vulnerability
Microsoft Windows is a popular computer operating system. An elevation of privilege vulnerability exists in Windows Transaction Manager, which fails to properly handle memory objects. It could allow an attacker to take control of an affected system via a constructed application...
MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a special...
Windows Transaction Manager Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability ...