Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on TLS connections (CVE-2014-8730)

Summary TLS protocol support used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE TLS attack CVE-2014-8730. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages...

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900

Summary A vulnerability in Apache Tomcat CVE-2020-13935 affects the IBM FlashSystem models 840 and 900. Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending...

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION...

SUSE-SU-2019:0080-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension bsc1120114 - CVE-2018-6307: Fixed use-after-free in file transfer extension server code bsc1120115 - CVE-2018-20020: Fixed heap out-of-bound write insi...

Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem model V840

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-5647 could make the system susceptible to an attack which could allow an attacker to obtain sensitive information. Vulnerability Details CVEID:...

Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840

Summary There is a vulnerability in Mozilla NSS to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2016-9074 could make the system susceptible to timing side-channel attacks which could be leveraged to allow launch of further attacks on the system Vulnerabili...

Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Mozilla NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2016-9074 could make the system susceptible to timing side-channel attacks which could be leveraged to allow launch of further attacks on t...

Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2016-4461 could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a...

Security Bulletin: Vulnerability in Mozilla NSS affects the IBM FlashSystem model V840

Summary There is a vulnerability in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-7502 could to cause a denial of service. Vulnerability Details CVEID: CVE-2017-7502 DESCRIPTION: Mozilla Network Security Service...

Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem model V840

Summary There are vulnerabilities in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-2834, CVE-2016-5285, and CVE-2016-8635 could allow a remote attacker to execute arbitrary code, to recover private keys, to...

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

Summary There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2015-6563 and CVE-2015-6564 could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model V840 (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM® FlashSystem™ V840. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...

Security Bulletin: : A cross-site request forgery vulnerability affects the IBM FlashSystem model V840 (CVE-2015-7446)

Summary There is a cross-site request forgery vulnerability to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow cross-site scripting attacks, Web cache poisoning, and other malicious activities. Vulnerability Details CVEID: CVE-2015-7446 DESCRIPTION: I...

Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V9000 (CVE-2015-3238)

Summary There is a vulnerability in Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details CVEID:...

Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V840 (CVE-2015-3238)

Summary There is a vulnerability in the Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details CVEID:...

Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V9000 (CVE-2015-2730)

Summary There is a vulnerability in Network Security Services NSS to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to forge signatures. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla...

Ani-Shell v1.1 - Back-Connect and Bind-Shell Features by lionaneesh

Ani-Shell v1.1 - Back-Connect and Bind-Shell Features by lionaneesh New Features in this version 0x01A Bind Shell 0x01B Back Connect 0x01C Fixed Some Coding errors! 0x01D Rename Files 0x01E Encoded Title Download or Read More...

[MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information ---------------------------------------------------------------------------------------------- Title: Multiple security issues in Open Auto Classifieds...

Open Auto Classifieds 1.5.9 SQL Injection

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information ---------------------------------------------------------------------------------------------- Title: Multiple security issues in Open Auto Classifieds...

[SECURITY] New version of ssh may fix buffer overflows

There has been a lot of confusion over ssh lately: some people think their systems have been hacked through ssh, although nobody has been able to produce an exploit. To avoid any possible problems we have patched ssh to fix any possible buffer overruns. We think this will stop any attack that mig...