Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem model V9000 (CVE-2015-5209)
Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remo...
Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem V840 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
Summary There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update (CPU) to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and could allow a local attacker to obta...
Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
Summary There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update (CPU) to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and could allow a local attacker to...
Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM FlashSystem V840 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM® FlashSystem™ V840. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit th...
Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V9000 (CVE-2015-1831)
Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V9000. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V9000. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2014-6593 and CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V9000. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...
Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem V840 (CVE-2014-3566)
Summary Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. NSS is used by the IBM FlashSystem V840. FlashSystem V840 has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2014-356...
Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840 (CVE-2014-6593 and CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V840. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...
Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)
Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...
Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library
Summary Security vulnerabilities have been discovered in Apache’s Struts library. Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840 model number -AC0 and -AC1 nodes use the Apache Struts library. Struts is used only by the Service Assist GUI...
Security Bulletin: The IBM V840 product model number AE1 node is affected by a vulnerability in Java
Summary Security vulnerabilities have been discovered in Java. Vulnerability Details CVE-ID: CVE-2014-0411 DESCRIPTION: FlashSystem V840-AE1 uses an affected version of Oracle Java: CVE-2014-0411 Unspecified Oracle Java vulnerability. In Oracle’s January 2014 Critical Patch Update (CPU) they disclose...
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the incoming packet header. If the incoming frame is of...
EC-CUBE vulnerable to session fixation
Overview EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability (CWE-384). LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...
dancetrippin.tv XSS vulnerability
Open Bug Bounty ID: OBB-530970 Description| Value ---|--- Affected Website:| dancetrippin.tv Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure bas...
Keybase: Universal Cross-Site Scripting in Keybase Chrome extension
Description The Keybase Chrome extension makes heavy use of the insecure innerHTML DOM API, resulting in Universal Cross-Site Scripting on all Keybase-supported social networking websites. Steps to reproduce the issue 1. Install the Keybase Chrome extension 2. Navigate to the following URL addres...
Git versions <= 2.7.1 remote code execution vulnerability
Reference source: http://seclists.org/oss-sec/2016/q1/645 Hello, original report describing the overflow is here http://pastebin.com/UX2P2jjg On 11/02/2016 16:50, Jeff King wrote this on the git security mailing list: On Thu, Feb 11, 2016 at 02:31:49PM +0100, 'Laël Cellier' via Git Security wrote: Ok the bug...
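TinyShop: improper fix allows injection again (all versions)
Brief description: When the vulnerability at http://www.wooyun.org/bugs/wooyun-2014-068153 was fixed, it was handled improperly, treating the symptom rather than the root cause. Detailed description: public static function getIP() { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; elseif (isset($_SERVER["HTTP_CLIENT_IP"])) $ip = $_SERVER["HTTP_CLIENT_IP"]; elseif (isset($_SERVER["REMOTE_ADDR"])) $ip = $_SERVER["REMOTE_ADDR"];...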
RedHat Update for tomcat6 RHSA-2014:0865-01
The remote host is missing an update for the Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross Site Scripting
No description provided by source. Exploit Title: Extended Useradmininfo MyBB Plugin 1.2.1 - Cross Site Scripting Google Dork: N/A Date: 09.02.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage: http://forum.mybboard.de/user-9022.html Software Link:...