7655 matches found

Prion
added 2013/12/09 6:55 p.m., 11 views

Design/Logic Flaw

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent...

6.8 CVSS, 7.2 AI score, 0.01784 EPSS
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2013/12/09 6:0 p.m., 20 views

CVE-2013-6180

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent...

6.7 AI score, 0.01784 EPSS
Exploits: 0, References: 2
CVE
added 2013/12/09 6:0 p.m., 43 views

CVE-2013-6180

The CVE-2013-6180 issue affects EMC RSA Security Analytics (SA) 10.x prior to 10.3 and RSA NetWitness NextGen 9.8, where SA Core does not verify that requests originate from the SA REST UI, allowing untrusted user agents (e.g., web browsers) to bypass access restrictions. This could enable core-a...

6.8 CVSS, 6.9 AI score, 0.01784 EPSS
Exploits: 0, References: 2, Affected Software: 2
NVD
added 2013/11/28 4:37 a.m., 16 views

CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

10 CVSS, 7.6 AI score, 0.31428 EPSS
Exploits: 0, References: 1
CVE
added 2013/11/28 2:0 a.m., 38 views

CVE-2013-5912

Vuln CVE-2013-5912 affects Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995. The VhttpdMgr importFile function accepts a fileName parameter in a URL to trigger remote code execution of arbitrary code with system privileges. Exploitation remotely via crafted importFile URL ...

10 CVSS, 7.8 AI score, 0.31428 EPSS
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2013/11/22 12:0 a.m., 22 views

Thomson Reuters Velocity Analytics - Remote Code Injection

Thomson Reuters Velocity Analytics - Remote Code Injection source: https://www.securityfocus.com/bid/63880/info Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow an attacker to upload...

0.5 AI score
Exploits: 0
Exploit DB
added 2013/11/22 12:0 a.m., 79 views

Thomson Reuters Velocity Analytics - Remote Code Injection

source: https://www.securityfocus.com/bid/63880/info Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges. Thomson...

7.4 AI score
Exploits: 0
CERT
added 2013/11/22 12:0 a.m., 48 views

Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability

Overview: Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability (CWE-94). Description: CWE-94: Improper Control of Generation of Code ('Code Injection'). Thomson Reuters Velocity Analytics Vhayu Analytic Serve...

10 CVSS, 7.8 AI score, 0.31428 EPSS
Exploits: 0, References: 3
Cvelist
added 2013/10/26 5:0 p.m., 23 views

CVE-2013-6016

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through...

6.7 AI score, 0.02751 EPSS
Exploits: 0, References: 4
NVD
added 2013/10/16 5:55 p.m., 14 views

CVE-2013-5815

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...

7.5 CVSS, 5.8 AI score, 0.01361 EPSS
Exploits: 0, References: 2
Prion
added 2013/10/16 5:55 p.m., 10 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...

7.5 CVSS, 6.3 AI score, 0.01361 EPSS
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2013/10/16 5:31 p.m., 19 views

CVE-2013-5815

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...

5.8 AI score, 0.01361 EPSS
Exploits: 0, References: 2
CVE
added 2013/10/16 5:31 p.m., 37 views

CVE-2013-5815

CVE-2013-5815 affects the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0. The vulnerability is described as unspecified with impact on confidentiality, integrity, and availability and is exploitable via unknown v...

7.5 CVSS, 6 AI score, 0.01361 EPSS
Exploits: 0, References: 2, Affected Software: 2
Cisco
added 2013/10/15 7:43 p.m., 20 views

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

6.4 CVSS, 2.9 AI score, 0.01154 EPSS
Exploits: 0, References: 1
Symantec
added 2013/10/15 12:0 a.m., 75 views

Oracle Java SE CVE-2013-5838 Remote Security Vulnerability

Description: Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 7u25, Java SE Embedded 7u25 Technologies...

9.3 CVSS, 0.6 AI score, 0.04652 EPSS
Exploits: 0, References: 1, Affected Software: 45
Patchstack
added 2013/10/07 12:0 a.m., 10 views

WordPress Woopra Analytics Plugin - Arbitrary PHP Code Execution

Woopra Analytics plugin's "ofc_upload_image.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution: Update the plugin...

4 AI score
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2013/10/07 12:0 a.m., 18 views

WordPress Plugin Woopra Analytics - ofc_upload_image.php Arbitrary PHP Code Execution

WordPress Plugin Woopra Analytics - ofc_upload_image.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/62876/info The Woopra Analytics Plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability because it fails to properly validate user-supplied input. A...

0.5 AI score
Exploits: 0
Exploit DB
added 2013/10/07 12:0 a.m., 32 views

WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/62876/info The Woopra Analytics Plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context o...

7.4 AI score
Exploits: 0
Joomla! Vulnerable Extensions List
added 2013/09/25 11:29 p.m., 19 views

Mijo Analytics, Joomla 2.5.x,

Mijo Analytics, Joomla 2.5.x, SQL Injection...

2.6 AI score
Exploits: 0
Prion
added 2013/07/25 11:59 a.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS, 5.9 AI score, 0.01148 EPSS
Exploits: 0, References: 3, Affected Software: 1