898 matches found
Beijing Jiusi Collaborative Software Office System SQL Injection Vulnerability
Beijing Jiusi Collaborative Software Office System is an OA office system from Beijing Jiusi Collaborative Software, China. Beijing Jiusi Collaborative Software Office System OA suffers from a SQL injection...
Security Bulletin: Cross-Site Scripting vulnerability exists in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-4036)
Abstract IBM InfoSphere Master Data Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious scripts into a web page which would be executed in a victim's web browser within the...
Vulnerability Fixed in Azure Synapse Spark
Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where...
DoS via Collaborative Document
Description An attacker can send an enormous payload via the WebSockets collaborative document feature, without any proper size restriction, leading to the unresponsiveness of every user browser that visits the target document, and even worse, if the payload is big enough, in the demonstration...
Collaboration Drives Secure Cloud Innovation: Insights From AWS re:Inforce
This year's AWS re:Inforce conference brought together a wide range of organizations that are shaping the future of the cloud. Last week in Boston, cloud service providers (CSPs), security vendors, and other leading organizations gathered to discuss how we can go about building cloud environments...
Arbitrary File Download Vulnerability in Panmicro E-Weaver of Shanghai Panmicro Network Technology Co.
E-Weaver is the Pan-Micro collaboration management platform. Panmicro E-Weaver suffers from an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials...
Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place
Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features: OpenSource, Multiplatform, Multilanguage, Team Collaboration, BuiltIn dashboards and analytics, Manage your clients...
The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning component of the Oracle E-Business Suite allows a perpetrator to access and modify data.
The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning product, a business automation system within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to...
Microsoft collaborates with Tenable to support federal cybersecurity efforts
On May 12, 2021, the White House issued Presidential Executive Order (EO) 14028 to establish cybersecurity as a national priority. As part of this effort, the White House has called for greater public and private sector collaboration to address the evolving threats facing federal agencies. In the...
Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy
In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), the Organization for Security and Cooperation (OSCE), an organization founded in Finland, and oth...
Security Bulletin: GDS component of IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-4960, CVE-2015-4958, CVE-2015-7414)
Summary GDS component of IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Cross-Site Scripting, Caching of HTTP response and Click-Jacking vulnerabilities. Vulnerability Details CVEID: CVE-2015-4960 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborative...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-1984, CVE-2015-1968, CVE-2015-1982, CVE-2015-1980)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation, Cross-Site Scripting, Server Path Disclosure and Click-Jacking vulnerabilities. Vulnerability Details CVEID: CVE-2015-1984 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborativ...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation. Vulnerability Details CVEID: CVE-2014-7424 DESCRIPTION: Provide sufficient details for someone to tell if they have the problem, but not enough detail that someone with malicious intent...
Design/Logic Flaw
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
Security Bulletin: Vulnerabilities (CVE-2021-39038, CVE-2021-23450) in IBM WebSphere Application Server may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology
Summary IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology may integrate with IBM WebSphere Application Server (WAS). Please review the following WAS Bulletins (CVE-2021-39038, CVE-2021-23450) and take corrective actions. Vulnerability Details Refer to the security bulleti...
Microsoft CRSP shares the ways human behavior affects compromise recovery
The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...
CISA Adds 95 Known Exploited Vulnerabilities to Catalog
CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign
Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)—uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...
Zepl Notebook Security Vulnerability
Zepl Notebook is an interactive data analysis and web-based notebook provided by the United States company Zepl. Zepl Notebook is a web-based notebook that provides interactive data analysis and is used to make beautiful documents that are data-driven, interactive and collaborative. Zepl Notebook has a...