[SECURITY] Fedora 20 Update: subversion-1.8.11-1.fc20
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
CVE-2014-8898
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1...
CVE-2014-8897
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1...
Design/Logic Flaw
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modi...
Bypass of shared files password protection in "documents" application - ownCloud
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...
Server: Bypass of shared files password protection in "documents" application
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. For mor...
[SECURITY] [DSA 3046-1] mediawiki security update
Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3046-1 (mediawiki - security update)
It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS,...
CVE-2014-3092
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
Session fixation
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
CVE-2014-3092
CVE-2014-3092 affects IBM Jazz Team Server-based products (e.g., Rational CLM suite, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) where the session cookie is not marked Secure in HTTPS, enabling potential cookie leakage over HTTP. The root cause is the cookie’s missing Secure flag during SSL s...
Gary McGraw on the IEEE Center for Secure Design
Dennis Fisher talks with Gary McGraw of Cigital about the IEEE’s new Center for Secure Design program, the difficulty of defeating large classes of bugs and the collaborative effort it will take to solve the software security problem. Music by Chris Gonsalves Download: digitalunderground164.mp3...
LiveWorld Multiple Products - Cross Site Scripting
LiveWorld Multiple Products - Cross Site Scripting LiveWorld Cross Site Scripting Vendor: LiveWorld, Inc Product: LiveWorld Version: Multiple Products Website: http://www.liveworld.com CVE: CVE-2004-2566 OSVDB: 9180 PACKETSTORM: 34143 Description: LiveWorld provides collaborative services for...
CVE-2014-4775
IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remo...
SQL injection
SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote...
Design/Logic Flaw
IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges v...
CVE-2014-0966
IBM InfoSphere Master Data Management - Collaborative Edition (GDS component) and the related Server for Product Information Management are affected by CVE-2014-0966. The vulnerability is an SQL injection (blind) that could allow a remote authenticated attacker to view, add, modify, or delete dat...
CVE-2014-3063
IBM InfoSphere Master Data Management - Collaborative Edition (CDE) versions 10.x before 10.1-FP11 and 11.x before 11.0-FP5, and InfoSphere MDM Server for Product Information Management (PIM) 9.x before 9.1-FP15, 10.x, and 11.x before 11.3-IF2 are affected by a local privilege escalation that cou...