3414 matches found
forums.smallbusinesscomputing.com XSS vulnerability
Vulnerable URL: http://forums.smallbusinesscomputing.com/showthread.php/'-alert'OPENBUGBOUNTY'-' Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website...
U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website
Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users' information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...
[SECURITY] Fedora 25 Update: libtirpc-1.0.1-4.rc3.fc25
This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of Open Network Computing (ONC), and is derived directly from the Solaris 2.3 source. TI-RPC is an enhanced version of TS-RPC that requires the UNIX System V...
IBM Platform LSF and IBM Spectrum LSF Local Elevation of Privilege Vulnerability
IBM Platform LSF and IBM Spectrum LSF are both workload management platforms for distributed HPC environments from IBM (USA). A local elevation of privilege vulnerability exists in IBM Platform LSF and IBM Spectrum LSF. A local attacker could use this vulnerability to elevate privileges an...
Qemu: VNC: memory corruption due to unchecked resolution limit
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process...
The Unified Cloud
Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay per GB storage service. By August, they released EC2, allowing you to spin up a server and pay by the hour in the cloud. In the decade that has followed, AWS has emerged as...
Get a Single View of WAF Events with the Imperva AppSecurity View App for Splunk Enterprise
Enterprises are adopting a hybrid infrastructure model to take advantage of rapid deployment of cloud-based services and higher computing power. A compilation of analyst predictions by SecureWorks shows that the cloud continues to gain momentum as organizations embrace and benefit from new ways ...
Qemu: cirrus: heap buffer overflow via vnc connection
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash...
CLI Command Injection Vulnerability in Multiple Cisco Products
Cisco Unified Computing System (UCS) Manager provides unified and embedded management of all software and hardware components in Cisco UCS. The Cisco Firepower 4100 Series is a next-generation firewall. The Cisco Firepower 9300 is a scalable carrier-grade platform. A command injection vulnerability...
DEBIAN-CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client...
[SECURITY] Fedora 26 Update: tigervnc-1.7.1-4.fc26
Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...
Local Command Execution Vulnerability in Multiple Cisco Products
Cisco Unified Computing System Manager is a set of embedded device management software. Cisco Firepower 9300 Security Appliances are Cisco security appliances. Cisco Firepower 9000 is an operating system running on the 9000 series firewall appliances from Cisco. Cisco Firepower 9000 is a Cisco...
IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven
A key capability of an IT asset inventory system is being able to exchange data with CMDBs (Configuration Management Databases). In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles,...
CVE-2015-6028
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter...
CVE-2015-6027
Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP...
SQL injection
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter...
Code injection
Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP...
CVE-2015-6028
Castle Rock Computing SNMPc is affected by CVE-2015-6028 due to a SQL injection in the sc parameter prior to 2015-12-17. The CNVD record CNVD-2017-05437 confirms the vulnerability in Castle Rock SNMPc Network Manager, noting the ability for a remote attacker to extract data from the database via ...
CVE-2015-6027
Castle Rock Computing SNMPc is vulnerable to Cross-Site Scripting via SNMP in versions prior to 2015-12-17. Affected component is SNMPc; root cause is an XSS vulnerability exploitable through SNMP. Public impact details are limited to what is stated in the sources (XSS; potential for modification ...