1155 matches found
Security Bulletin: Vulnerability in Apache Commons affects IBM Content Navigator (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Content Navigator. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight
Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NUL...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485)
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in July 2016. These may affect some configurations of IBM WebSphere Application Server Full Profile,...
IBM WebSphere Cast Iron Security Bulletin: Security vulnerability in IBM JRE 6 and IBM JRE 7
Abstract A security vulnerability exists in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR15 FP1 and earlier and IBM JRE 7.0 SR6 FP1 and earlier. Content VULNERABILITY DETAILS There is a security vulnerability in the IBM Java Runtime Environment used in WebSphere...
Microsoft Releases June 2018 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's June 2018 Security Update Summary and Deployment...
MODX Revolution CMS <= 2.6.3 Stored XSS Vulnerability
MODX CMS is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apple Releases Security Updates
Apple has released a security update for macOS High Sierra and supplemental updates for Sierra and El Capitan to address multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the...
Windows Defender Firewall: Public Profile: Apply local connection security rules
The policy determines whether the local connection rules are merged with GP settings when connected to a public network.
Windows Defender Firewall: Public Profile: Apply local firewall rules
The policy determines whether the local firewall rules are merged with GP settings when connected to a public network.
Microsoft Releases May 2018 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's May 2018 Security Update Summary and Deployment...
Microsoft Releases Security Update
Microsoft has released a security update to address a vulnerability in the Windows Host Compute Service Shim (hcsshim) library. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Adviso...
phpLiteAdmin Authentication Bypass Vulnerability
phpLiteAdmin is prone to an authentication bypass vulnerability.
HackerOne: CSRF at [Apply to this program] that lead to submit your request automatic with out any validations
Hi, the behavior is found in some of the programs that need "Apply to this program", like @hackthedts; this program needs you to submit an application before you start finding/sending bugs to them. This button has no validation/check to protect against CSRF, which can lead to automatically applying to the program by using this...
Citrix Releases Security Updates
Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Connect, and Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-0...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 59 an...
foreman: Information leak through organizations and locations feature
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned no organizations/locations, they are able to view all resources instead of none mirroring an administrator's view. The user's actions are still limited by their...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary...
studymalaysia.com XSS vulnerability
Open Bug Bounty ID: OBB-550239

Description | Value
---|---
Affected Website: | studymalaysia.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: | Coordinated Disclosure...
Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine
If you use Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...