312 matches found
CVE-2023-30859 Spigot Command Exploit in Triton
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
End the compliance management blues
Coalfire teamed up with one of the world's leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is Observability, which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share a project I’ve been working on since the holidays, where the mentioned...
This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours! SpringOne Essentials is going to be amazing, but before...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to security bypass due to Spring Security (CVE-2022-31692)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in Spring Security. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM® SDK, Java™ Technology Edition (CVE-2022-21541, CVE-2022-21540)
Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection attack (CVE-2022-40615)
Summary IBM Sterling Partner Engagement Manager has addressed a SQL injection vulnerability. Vulnerability Details CVEID:CVE-2022-40615 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to sshd-core (CVE-2021-30129)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in sshd-core. Vulnerability Details CVEID:CVE-2021-30129 DESCRIPTION: Apache Mina SSHD is vulnerable to a denial of service, caused by an OutOfMemory flaw in the SFTP and port forwarding features in sshd-core. By sending...
PT-2022-18936 · Tenable · Nessus Essentials +2
Name of the Vulnerable Software and Affected Versions: Nessus Essentials and Professional affected versions not specified Description: The issue allows an authenticated user with debug privileges to retrieve stored Nessus policy credentials from the "nessusd" process in cleartext via process...
CVE-2022-28291
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to VMware Tanzu Spring Framework (CVE-2022-22971)
Summary IBM Sterling Partner Engagement Manager uses VMware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: VMware Tanzu Spring Framework ...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920) affects Asset and Service Management
Summary A vulnerability in WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo...
Security Bulletin: IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to (CVE-2015-5016)
Summary IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to. This vulnerability could allow a local attacker to obtain sensitive information. The vulnerability affects Maximo Asset...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-4000) Affects Asset and Service Management
Summary The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) may affect some configurations of IBM WebSphere Application Server. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo f...
Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management
Summary There is a potential denial of service that may affect IBM HTTP Server on Windows (CVE-2015-1829). Exploiting it requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1504)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection (CVE-2022-22360)
Summary IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22360 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote authenticated attacker to conduct an LDAP injection. By using a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site request forgery (CVE-2022-22359)
Summary IBM Sterling Partner Engagement Manager could allow a remote attacker to enable Cross-Site Request Forgery (CSRF) on the system, caused by a parameter from a user request. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22359 DESCRIPTION: IBM Sterling Partner Engagement...
Prototype Pollution
jsgui-lang-essentials is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the llset function in the jsgui-lang-essentials.js and modify attributes such as __proto__, constructor, and prototype...