5523 matches found
CVE-2014-3041
IBM Emptoris Contract Management is affected by CVE-2014-3041, a SQL injection vulnerability in 9.5.x before 9.5.0.6 iFix 10; 10.0.0.x before 10.0.0.1 iFix 10; 10.0.1.x before 10.0.1.4; and 10.0.2.x before 10.0.2.2 iFix 2. Remote authenticated users can execute arbitrary SQL commands via unspecif...
CVE-2014-3034
The CVE-2014-3034 entry describes a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. It affects IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2. The flaw all...
CVE-2014-3041
SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3040
Cross-site request forgery CSRF vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...
Dell PacketTrap PSA 7.1 - Multiple XSS Vulnerabilities
No description provided by source. Title: ====== Dell PacketTrap PSA 7.1 - Multiple Persistent Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=790 VL-ID: ===== 790 Common Vulnerability Scoring System:...
Threat Outbreak Alert: Fake Contract Delivery Notice Email Messages on May 21, 2014
Medium Alert ID: 34319 First Published: 2014 May 21 14:49 GMT Version: 1 Summary Cisco Security has detected significant activity related to French-language spam email messages that claim to contain a contract notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Product Contract Notification Email Messages on February 28, 2014
Medium Alert ID: 33116 First Published: 2014 February 28 19:38 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product contract notification for the recipient. The text in the email message attempts to convince the...
Potential backdoors discovered in US-based components used by French Satellites
United Arab Emirates UAE may terminate a $930 Million USD contract with France based companies for the supply of two two military Imaging satellites due to the discovery of several US produced components in them. Now the deal is in danger because the UAE claims it has discovered backdoors in the...
Preparing for Managed Security Services
Wade Woolwine Presents at MIRcon® 2013 As a complement to my MIRcon® 2013 presentation titled "Getting the Best Bang for the Buck with Managed Security Providers" and to address some questions I received from the audience, I have prepared a quick summary of my presentation. Many businesses consid...
Threat Outbreak Alert: Fake Contract Notification Email Messages on November 29, 2013
Medium Alert ID: 31944 First Published: 2013 December 2 17:09 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain a contract proposal for the recipient. The text in the e-mail message attempts to convince th...
Threat Outbreak Alert: Fake Contract Document Delivery Email Messages on November 25, 2013
Medium Alert ID: 31903 First Published: 2013 November 26 20:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain a contract document for the recipient. The text in the email message attempts to convince...
Threat Outbreak Alert: Fake Contract Document Delivery Email Messages on October 3, 2013
Severity Alert ID: 31124 First Published: 2013 October 4 13:39 GMT Version: 1 Threat Outbreak Threat Outbreak Summary Cisco Security has detected significant activity on October 3, 2013. Revision History Initial ReleaseShow Less Legal Disclaimer THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND...
Dell PacketTrap PSA 7.1 Cross Site Scripting
Title: ====== Dell PacketTrap PSA 7.1 - Multiple Persistent Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=790 VL-ID: ===== 790 Common Vulnerability Scoring System: ==================================== 5.6 Introduction:...
Dell PacketTrap PSA 7.1 - Multiple Web Vulnerabilities
Document Title: =============== Dell PacketTrap PSA 7.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=790 Release Date: ============= 2013-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 790...
Threat Outbreak Alert: Fake Contract Information Email Messages on June 22, 2013
Medium Alert ID: 29752 First Published: 2013 June 24 12:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain contract information for the recipient. The text in the email message attempts to persuade the...
Threat Outbreak Alert: Fake Contract Information Email Messages on June 20, 2013
Medium Alert ID: 29736 First Published: 2013 June 20 18:53 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain contract information for the recipient. The text in the email message attempts to persuade the...
LinkedIn Data Breach Lawsuit Dismissed
The professional networking site LinkedIn won a class-action lawsuit before it even went to trial after a judge this week dismissed claims from two premium users who maintained the company failed to provide the level of data security outlined in its privacy policy. Northern California U.S. Distri...
New Linux Rootkit Attacks Internet Users
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of...
Layton Helpbox 4.4.0 Password Disclosure
Layton Helpbox 4.4.0 Password Disclosure Vulnerability by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to a password disclosure vulnerability in an error page. CVE number: CVE-2012-4976 Impact: High Vendor homepage: http://www.laytontechnology.com Vendor...