
7666 matches found

CVE
added 2017/06/07 5:0 p.m., 52 views

CVE-2017-1125

CVE-2017-1125 affects IBM Cognos Analytics 10.1 and 10.2, allowing a local user to craft a URL that confirms existence of and excerpts from a file on the server (information disclosure). Root cause is a URL-based confirmation/exposure mechanism for local files. Impact is partial confidentiality l...

CVSS 3.3, AI score 5.4, EPSS 0.00347
Exploits: 0, References: 3, Affected Software: 1

Hacker One
added 2017/06/06 2:44 p.m., 21 views

HackerOne: Invitation tokens leak to Google Analytics

Hi, while testing I have noticed that the HackerOne invitation token gets exposed to google-analytics.com. How? Here, look at the photo: ████████ We can see that the request payload is exposing the invitation token and it's not filtered like this one: ███████ And this is what Google does with their...

AI score 0.8
Exploits: 0

CNVD
added 2017/06/06 12:0 a.m., 3 views

IBM Cognos Business Intelligence Server Cognos Analytics Information Disclosure Vulnerability

IBM Cognos Business Intelligence Server is a suite of business intelligence and performance management solutions from IBM in the United States. The solution reports, analyzes, monitors and evaluates business data. Cognos Analytics is one of the data mining and analysis components. An information...

CVSS 3.3, AI score 5.8, EPSS 0.00347
Exploits: 0, References: 1

The Coalfire Blog
added 2017/05/31 9:3 p.m., 12 views

A Growing Symphony of Security Analytics Tools Needs Careful Orchestration

Security analytics tools available to companies are increasing rapidly. However, cyber incident and vulnerability prevention, detection, response, and recovery times remain significant challenges as the types of attacks and attack vectors increase. Newer cyber analytics using machine learning are...

AI score 0.9
Exploits: 0

Symantec
added 2017/05/25 8:0 a.m., 41 views

SA150: NSS Vulnerability April 2017

SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to a security vulnerability. A remote attacker can send crafted Base64-encoded data and execute arbitrary code or cause denial of service through an application crash. AFFECTED PRODUCTS The following...

CVSS 7.5, AI score 1.4, EPSS 0.04741
Exploits: 0, Affected Software: 11

CNVD
added 2017/05/24 12:0 a.m., 2 views

Multiple SAP Products 'DBISQL' Information Disclosure Vulnerability

SAP SQL Anywhere is a product of SAP, Germany. SQL Anywhere is an out-of-the-box database solution with enterprise-class features. SAP IQ is an analytics server designed for analytics, data warehousing, and business intelligence environments. SAP ASE is a database management platform. An information...

AI score 6.7
Exploits: 0, References: 1

The Hacker News
added 2017/05/21 9:23 p.m., 23 views

Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It

Does your router collect data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects the router's analytics data and sends it to the company's server. For now, the company has rolled out the...

AI score 6.9
Exploits: 0

CNVD
added 2017/05/16 12:0 a.m., 5 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2017-10389)

IBM Cognos Analytics formerly known as Cognos BI is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site...

CVSS 5.4, AI score 6.4, EPSS 0.00511
Exploits: 0, References: 1

CNVD
added 2017/05/15 12:0 a.m., 1 views

TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace SQL Injection Vulnerabilities

TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace are both products of the US-based TIBCO Software. The former is a set of TIBCO Spotfire data analysis and mining tools based on TIBCO Spotfire for enterprises to provide integration, operation and management of the platform...

CVSS 6.5, AI score 8, EPSS 0.00921
Exploits: 0, References: 1

ATTACKERKB
added 2017/05/10 2:29 p.m., 2 views

CVE-2016-3032

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

CVSS 5.4, AI score 5.1, EPSS 0.00511
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/05/10 2:29 p.m., 4 views

CVE-2016-3032

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

CVSS 5.4, AI score 5.4, EPSS 0.00511
Exploits: 0, References: 1

Prion
added 2017/05/10 2:29 p.m., 18 views

Cross-site scripting

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

CVSS 3.5, AI score 6.2, EPSS 0.00511
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2017/05/10 2:29 p.m., 25 views

CVE-2016-3032

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

CVSS 5.4, AI score 5.2, EPSS 0.00511
Exploits: 0, References: 1

CVE
added 2017/05/10 2:0 p.m., 53 views

CVE-2016-3032

CVE-2016-3032 affects IBM Cognos Analytics 11.0.0.0 and later. The vulnerability is a cross-site scripting (XSS) flaw allowing an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM bulletin indicates no remediation...

CVSS 5.4, AI score 5.2, EPSS 0.00511
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/05/10 2:0 p.m., 29 views

CVE-2016-3032

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

AI score 5.2, EPSS 0.00511
Exploits: 0, References: 1

NVD
added 2017/05/09 8:29 p.m., 12 views

CVE-2017-5527

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

CVSS 6.5, AI score 6, EPSS 0.00921
Exploits: 0, References: 2

OSV
added 2017/05/09 8:29 p.m., 1 views

CVE-2017-5527

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

CVSS 6.5, AI score 5.8, EPSS 0.00921
Exploits: 0, References: 2

Prion
added 2017/05/09 8:29 p.m., 10 views

SQL injection

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...

CVSS 4, AI score 7.1, EPSS 0.00921
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2017/05/09 8:0 p.m., 61 views

CVE-2017-5527

The provided data confirms a SQL injection issue affecting TIBCO Spotfire products. Affected: Spotfire Server versions 7.0.x before 7.0.2; 7.5.x before 7.5.1; 7.6.x before 7.6.1; 7.7.x before 7.7.1; 7.8.x before 7.8.1; Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier. Description...

CVSS 6.5, AI score 6.3, EPSS 0.00921
Exploits: 0, References: 2, Affected Software: 2

rapid7community
added 2017/05/09 4:38 p.m., 52 views

SIEM Security Tools: Four Expensive Misconceptions

Why modern SIEM security solutions can save you from data and cost headaches. If you want to reliably detect attacks across your organization, you need to see all of the activity that's happening on your network. More importantly, that activity needs to be filtered and prioritized by risk -- acros...

AI score 6.6
Exploits: 0