898 matches found
CVE-2023-30615
CVE-2023-30615 (iris-web) is a stored XSS vulnerability affecting iris-web before version 2.2.1. The issue allows an authenticated attacker to inject malicious scripts that run when users visit affected locations, with potential for unauthorized access and data theft. The patch is available in ir...
MediaWiki: Multiple Vulnerabilities
Background: MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description: Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...
Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps
In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villain...
SUSE CVE-2017-1651
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
The vulnerability of the mobile application for collaborative work with documents, IBM Navigator Mobile for Android operating systems, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in IBM Navigator Mobile, a mobile application for collaborative document work on Android operating systems, is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
JCDC Announces 2023 Planning Agenda
Today, the Joint Cyber Defense Collaborative (JCDC) announced its 2023 Planning Agenda. This release marks a major milestone in the continued evolution and maturation of the collaborative’s planning efforts. JCDC’s Planning Agenda brings together government and private sector partners to develop an...
CVE-2023-21858
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: Installation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative...
Design/Logic Flaw
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: Installation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business...
CVE-2023-21858
The CVE-2023-21858 vulnerability affects Oracle E-Business Suite — Oracle Collaborative Planning, Installation component, in versions 12.2.3 through 12.2.12. The issue enables an unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative Planning, potentially causing...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
Summary: This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products are vulnerable to CVE-2021-28167
Summary: A flaw in Eclipse OpenJ9 allows malicious code to access static methods and fields in classes before those classes have been initialized. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin: Jazz Foundation, IBM...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java
Summary: There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulleti...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)
Summary: IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin: Global Configuration Management, IBM Engineering...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)
Summary: IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin. Global Configuration Management GC...
Apache Zeppelin input validation error vulnerability
Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...
Huatian Power OA suffers from XML Entity Injection Vulnerability
Huatian Power OA is collaborative office (OA) software from Dalian Huatian Software Co., Ltd. An XML entity injection vulnerability exists in Huatian Power OA, which can be exploited by attackers to obtain sensitive information...
Attachments that are added to drafts while collaborative editing is off are searchable when collaborative editing is turned on
Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Turn OFF collaborative editing; Create a page; Add attachment to the page; Do not publish the page; Try searching for the draft or attachment; Enable Collaborative Editing; Perform Reindexing; Try searching for the draft o...
6 Best Ways to Make a Collaborative PowerPoint Presentation
By Owais Sultan. Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you… This is a post from HackRead.com.