Lucene search

8202 matches found

NVD
added 2018/07/09 12:29 p.m. | 20 views

CVE-2018-11542

A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It...

CVSS 9.8 | AI score 9.9 | EPSS 0.03436
Exploits: 0 | References: 2

CNVD
added 2018/07/09 12:0 a.m. | 1 views

CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some timed execution tasks. URLTrigger Plugin is...

CVSS 6.5 | AI score 6.6 | EPSS 0.007
Exploits: 0 | References: 1

Vulnerability Lab
added 2018/07/05 12:0 a.m. | 229 views

AT&T Bizcircle - Persistent Profile Cross Site Vulnerability

Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2018/07/04 12:0 a.m. | 38 views

AT&T Bizcircle - Persistent Profile Cross Site Vulnerability

Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...

AI score 7.4
Exploits: 0

CNVD
added 2018/07/03 12:0 a.m. | 1 views

1000 Guess has an unspecified vulnerability

1000 Guess is an ethereum-based random number guessing game. A security vulnerability in the 'addguess' function of the implementation of the simplelottery smart contract in 1000 Guess stems from the program's use of publicly readable variables to generate random values. An attacker could exploit...

CVSS 7.5 | AI score 7 | EPSS 0.01253
Exploits: 1 | References: 1

Prion
added 2018/06/29 2:29 p.m. | 16 views

Design/Logic Flaw

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVSS 3.5 | AI score 5.2 | EPSS 0.00935
Exploits: 3 | References: 1 | Affected Software: 1

NVD
added 2018/06/29 2:29 p.m. | 20 views

CVE-2018-13002

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVSS 4.8 | AI score 5.4 | EPSS 0.00935
Exploits: 3 | References: 1

CVE
added 2018/06/29 2:0 p.m. | 49 views

CVE-2018-13002

The CVE-2018-13002 entry concerns Weblication CMS Core & Grid v12.6.24. A cross-site scripting (XSS) flaw exists in the wFilemanager.php and index.php files within the /grid5/scripts/ module. The vulnerability targets the Project Title field in the Inhaltsprojekte listing, allowing remote attacke...

CVSS 4.8 | AI score 5.2 | EPSS 0.00935
Exploits: 3 | References: 1 | Affected Software: 1

Akamai Blog
added 2018/06/27 12:1 p.m. | 18 views

What You Need To Know - Summer 2018 State of the Internet / Security: Web Attack Report

It's that time of year - the Summer 2018 State of the Internet / Security: Web Attack report is now live. This new naming schema is just one of the many changes you'll notice if you're a returning reader of quarterly report, and there are more changes coming as we work to bring you insights and...

AI score 7.2
Exploits: 0

OpenVAS
added 2018/06/27 12:0 a.m. | 47 views

Mozilla Firefox Security Advisories (MFSA2018-15, MFSA2018-17) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS 9.8 | AI score 7.8 | EPSS 0.04831
Exploits: 3 | References: 1

OSV
added 2018/06/23 11:29 p.m. | 1 views

UBUNTU-CVE-2018-12698

demangletemplate in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption aka OOM during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump...

CVSS 7.5 | AI score 7 | EPSS 0.05252
Exploits: 1 | References: 5

OSV
added 2018/06/21 11:29 a.m. | 2 views

CVE-2018-0359

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...

CVSS 5.5 | AI score 5.8
Exploits: 0 | References: 3

Vulnrichment
added 2018/06/21 11:0 a.m. | 8 views

CVE-2018-0364

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...

AI score 7.4 | EPSS 0.00949
Exploits: 0 | References: 2

The Hacker News
added 2018/06/20 5:41 p.m. | 601 views

Google Developer Discovers a Critical Bug in Modern Web Browsers

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Googl...

AI score 6.7
Exploits: 0

IBM Security Bulletins
added 2018/06/18 1:30 a.m. | 24 views

Security Bulletin: Vulnerability in netcf affects PowerKVM (CVE-2014-8119)

Summary PowerKVM is affected by a vulnerability in netcf. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2014-8119 DESCRIPTION: The netcfg package in Linux is vulnerable to a denial of service, caused by the improper processing of XPath expressions by the findifcfgpath function...

CVSS 7.5 | AI score 1.9 | EPSS 0.02672
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:30 p.m. | 26 views

Security Bulletin: IBM SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition ( CVE-2014-4263, CVE-2014-4244)

Summary Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition, which is shipped with IBM SmartCloud Orchestrator. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit that is related to the Security component...

CVSS 4 | AI score 0.9 | EPSS 0.03501
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:15 p.m. | 38 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on...

CVSS 7.5 | AI score 1.2 | EPSS 0.95821
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:6 p.m. | 24 views

Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2017-1624)

Summary The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Vulnerability Details CVEID: CVE-2017-1624 DESCRIPTION: IBM QRadar specifies permissions for a security-critical resource in a way that allow...

CVSS 5.5 | AI score 5.3 | EPSS 0.00617
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 2:8 p.m. | 30 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM InfoSphere Discovery. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION...

CVSS 5.9 | AI score 0.7 | EPSS 0.0288
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 11:52 p.m. | 28 views

Security Bulletin: A vulnerability in IBM Liberty affects IBM Algo One Core CVE-2017-1681

Summary A vulnerability in IBM Liberty affects IBM Algo One Core CVE-2017-1681 Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by improper handling o...

CVSS 3.3 | AI score 0.6 | EPSS 0.00357
Exploits: 0 | Affected Software: 1