
1155 matches found

IBM Security Bulletins
added 2020/02/04 4:40 p.m. · 48 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-3092)

Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

7.8 CVSS · 1.4 AI score · 0.35927 EPSS
Exploits 0 · Affected Software 1
CNVD
added 2020/02/04 12:0 a.m. · 1 views

Simplejobscript.com SJS controllers/page_apply.php script upload vulnerability

Simplejobscript.com SJS is a web-based recruitment application. A security vulnerability exists in the resume upload handling of Simplejobscript.com SJS controllers/page_apply.php, which can be exploited by remote attackers to submit a special PHP script request to upload and execute...

9.8 CVSS · 7.6 AI score · 0.02811 EPSS
Exploits 1 · References 1
CNVD
added 2020/02/04 12:0 a.m. · 1 views

git-diff-apply OS Command Injection Vulnerability

git-diff-apply is a package for getting git diff files and applying them to local branches. An operating system command injection vulnerability exists in the index.js file in versions of git-diff-apply prior to 0.22.2. The vulnerability stems from a network system or product not properly filterin...

9.8 CVSS · 7.4 AI score · 0.02147 EPSS
Exploits 1 · References 1
Openbugbounty
added 2020/01/16 2:48 p.m. · 11 views

apply-intern.dbmi.pitt.edu Improper Access Control vulnerability

Security Researcher devl00p (helped patch 2581 vulnerabilities, received 10 Coordinated Disclosure badges, received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting apply-intern.dbmi.pitt.edu website and its users...

0.3 AI score
Exploits 0
CISA
added 2020/01/14 12:0 a.m. · 15 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

7 AI score
Exploits 0 · References 2
CISA
added 2020/01/14 12:0 a.m. · 10 views

Microsoft Releases January 2020 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

7.1 AI score
Exploits 0 · References 2
Veracode
added 2020/01/08 4:23 a.m. · 18 views

OS Command Injection

git-diff-apply is vulnerable to OS command injection. Lack of validation and sanitization of the remoteUrl parameter allows an attacker to inject arbitrary OS commands via the affected parameter, which is subsequently used in utils.run as a git command...

9.8 CVSS · 4.9 AI score · 0.02147 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2020/01/07 7:15 p.m. · 20 views

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

9.8 CVSS · 6.7 AI score
Exploits 0 · References 3
CVE
added 2020/01/07 6:27 p.m. · 85 views

CVE-2019-10776

CVE-2019-10776 affects the package git-diff-apply prior to v0.22.2. The vulnerability stems from unvalidated input in index.js where a run() command is constructed from a user-controlled remoteUrl, enabling OS command injection. Impact could include remote code execution if untrusted input is sup...

9.8 CVSS · 9.3 AI score · 0.02147 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2020/01/07 6:27 p.m. · 33 views

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

9.5 AI score · 0.02147 EPSS
Exploits 1 · References 2
vulnersOsv
added 2020/01/06 5:7 p.m. · 4 views

@gulpjs/update-template (>=0.1.0 <=0.2.1), @lblod/ember-rdfa-editor-stemming-module-plugin (>=0.1.0 <=0.1.3) +11 more potentially affected by CVE-2019-10776 via git-diff-apply (>=0.0.5 <=0.22.10)

git-diff-apply NPM version =0.0.5, =0.1.0, =0.1.0, =0.8.0, =0.1.9, =0.0.1, =0.9.0, =0.2.2, =0.14.0, =3.0.0 Source cves: CVE-2019-10776 Source advisory: SNYK:JS-GITDIFFAPPLY-540774...

9.8 CVSS · 7.2 AI score · 0.02147 EPSS
Exploits 1
Snyk
added 2020/01/06 5:7 p.m. · 1 views

Command Injection

Overview: git-diff-apply is a package that can be used to reach an unrelated remote repository to apply a git diff. Affected versions of this package are vulnerable to Command Injection. In "index.js" file, line 240, the run command executes the git command with a user-controlled variable called...

9.8 CVSS · 7.1 AI score · 0.02147 EPSS
Exploits 1 · References 2
Positive Technologies
added 2019/12/24 12:0 a.m. · 2 views

PT-2019-6188 · Struktur Ag +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4 Description: The issue is related to a segmentation fault in the apply sao internal function, which can be exploited via a crafted file, potentially allowing a remote attacker to cause a denial of service. The...

9.8 CVSS · 6.8 AI score · 0.01962 EPSS
Exploits 46 · References 183
CISA
added 2019/11/12 12:0 a.m. · 13 views

Microsoft Releases November 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

7.1 AI score
Exploits 0 · References 2
CISA
added 2019/10/29 12:0 a.m. · 49 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...

4.9 CVSS · 2.2 AI score · 0.03515 EPSS
Exploits 1 · References 3
Positive Technologies
added 2019/10/15 12:0 a.m. · 3 views

PT-2019-3578 · Oracle · Oracle Solaris +1

Name of the Vulnerable Software and Affected Versions: Oracle Solaris version 11 Description: The issue is related to a component called XScreenSaver in the Oracle Solaris operating system, which has inadequate access control. This can be exploited by an attacker to gain full control over the...

8.8 CVSS · 9.1 AI score · 0.13506 EPSS
Exploits 8 · References 21
Positive Technologies
added 2019/10/15 12:0 a.m. · 2 views

PT-2019-3753 · Oracle · Adf +2

Name of the Vulnerable Software and Affected Versions: Oracle JDeveloper and ADF versions 11.1.1.9.0 through 12.2.1.3.0 Description: The issue is related to insufficient access control in the OAM component of Oracle JDeveloper and ADF, allowing a remote attacker to gain unauthorized access to...

3.5 CVSS · 3.3 AI score · 0.00882 EPSS
Exploits 0 · References 5
CISA
added 2019/09/26 12:0 a.m. · 11 views

Cisco Releases Security Advisories

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

7.2 AI score
Exploits 0 · References 1
CISA
added 2019/09/10 12:0 a.m. · 13 views

Microsoft Releases September 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

7.1 AI score
Exploits 0 · References 2
CISA
added 2019/08/13 12:0 a.m. · 10 views

Microsoft Releases August 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

7.1 AI score
Exploits 0 · References 2